Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
0
Helpful
3
Replies

Replacing Self-Signed Cert Issue

Xividar
Level 1
Level 1

‎02-01-2021 05:29 AM - edited ‎02-01-2021 05:29 AM

Hi Guys,

I am trying to replace my Self-Signed DNAC certificate, and use one from my PKI. I am following this link - I am getting to the last step, but my Private Key is being rejected "Private Key Validation Failed" - I am little unsure as to why this is failing. I am using a Windows CA. Any help would be apprecaited.

Screenshot 2021-02-01 at 13.26.06.png

 

Thanks.

Labels:
0 Helpful
3 Replies 3

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-01-2021 08:52 AM

What version of DNAC are you running?  This is a new one that I have not seen yet.  I had a certificate import/replacement error as well a little while back, see: Replacing DNAC Certificate Error - Cisco Community

Not sure if that will help your situation, but worth a shot to check the box.  Lastly, I would suggest engaging TAC (incase of a bug), and possibly re-doing the process from scratch to see if the outcome is different.  HTH!

0 Helpful

Xividar
Level 1
Level 1
In response to Mike.Cifelli

‎02-01-2021 09:01 AM

Hi Mike,

2.1.2.5 here, thank you, I will check that link - if not, it might well be a TAC call

Thanks.

0 Helpful

densto
Level 1
Level 1

‎02-01-2021 03:03 PM - edited ‎02-01-2021 03:14 PM

Hi Xividar,

Did you add your ROOT Ca certificate in DNA Trust POOL?

https://yourdna-server/dna/systemSettings/settings?settings-item=trustpool

also did you add all ip addresses and host names including VIP to SAN for all nodes when you generated CSR?

Thanks

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card