cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for Cisco DNA Center Resources to help you on your journey with Cisco DNA Center

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

245
Views
5
Helpful
1
Replies
Highlighted
Contributor

DNA Center PKI Certificate subordinate CA under subordinate enterprise CA ?

As I understand, DNA Center can have

  • a server certificate (configured under System Settings > Settings > Certificate) and
  • device PKI CA certificate (configured under System Settings > Settings > PKI Certificate Management) that can be changed to subordinate mode.

The documentation explains that the server certificate may be issued by a subordinate external CA.

My question: may the device PKI sub-CA certificate be issued by a subordinate external CA? I mean

Level 1 Enterprise Root CA

Level 2 Enterprise Subordinate CA

Level 3 DNA Center device PKI sub-CA

Level 4 device certificate issued by DNA Center

1 REPLY 1

Re: DNA Center PKI Certificate subordinate CA under subordinate enterprise CA ?

i am running this without "Level 2" and i dont have any problems...and also i dont see any problem there...

 

anyway i need to reset my lab in 2 weeks then i will try it the way you provided...

 

EDIT:

 

1) make sure the csr contains all ip adresses including die vips and the fqdn of dnac like the pic shows

aaaa.png

2) make sure when creating the "cert-package" u import into dnac contains all the certs of all involved ca's!

 

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards