cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for Cisco DNA Center Resources to help you on your journey with Cisco DNA Center

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

205
Views
0
Helpful
2
Replies
Highlighted
Beginner

DNAC Certificate - Authority "Self Signed"

Hi! I am trying to import a certificate to DNAC signed by our internal RootCA. I have followed the guide, but, it is still "self signed" according to DNAC. Guide: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html#d54e1532a1635

 

I have made a PEM file with "Signed Cisco DNA Center certificate + subordinate CA + RootCA" in it. I can load the cert in correctly, but if I query the API for cert validation: https://dnac.xxxx.se/api/v1/certificate/validate

Response from API: "[SAN check failed, Certificate not signed by trusted CA]"

 

Can I import the RootCA cert in some way to get DNAC to trust my internal RootCA?

dnac_cert_hidden.png

 

Everyone's tags (2)
2 REPLIES 2
Cisco Employee

Re: DNAC Certificate - Authority "Self Signed"

Can you please open a TAC case for this so they can investigate?  If DNA Center indicated that your certificate was uploaded correctly, then it doesn't make sense that it isn't reflected by the system later on.

Beginner

Re: DNAC Certificate - Authority "Self Signed"

Hi! I opened a case via DNA Solution Support and got the response from them that it is a bug and also that there is no ETA on a fix: "There is indeed a bug id but hasn’t been yet released. There is no ETA for this fix yet. And yes, you can treat it as a cosmetic issue."

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards