DNAC Certificate Exchange causes Switch DNAC to fail to validate the certificate

Hello everybody,

 

After migrating my network equipment to Cisco DNAC I've changed the server certificate. After that, I can no longer initiate IOS updates with DNAC.

 

Error Message:

Failed to submit schedule - Creating a task schedule failed: Failed to validate "Create Distribute Task" scheduled to run at May 20, 2019 10:30 PM CEST: javax.net.ssl.SSLPeerUnverifiedException: Host name '10.xxx.xxx.xxx' does not match the certificate subject provided by the peer (C=US, ST=CA, O=Test, OU=Test, CN=dna.test.intra)

 

How can I replace the PKI Trustpoint on the switches? Is there any chance to push it via the DNAC without discovering the whole campus again?

 

Best regards,

Johannes

Accepted Solutions
Re: DNAC Certificate Exchange causes Switch DNAC to fail to validate the certificate

You should be able to use Template Editor to push the configs to your NADs. This will save you the time of discovering everything again. Just make sure that you set up your template to save & commit. Then re-provision your NADs and ensure that you check to apply your template so the configs are updated. HTH!
Re: DNAC Certificate Exchange causes Switch DNAC to fail to validate the certificate

Hi Mike,

 

Thank you for your support. That's the way we'll do it.

 

For anyone who needs this template in the future, here's my syntax:

 

<MLTCMD>
crypto pki authenticate DNAC-CA
-----BEGIN CERTIFICATE-----
... Insert the certificate ...
-----END CERTIFICATE-----
quit
yes
</MLTCMD>
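
Added example, not part of the thread and not Cisco code: a small RFC 6125-style name check showing why a certificate identified only by CN=dna.test.intra is rejected when the server is addressed by IP, as in the error message in the question, and what listing the address as a SAN changes. The address 192.0.2.10 and the SAN lists are constructed placeholders for the masked values, and it is an assumption that the verifier behind the message follows these general rules.

```python
import ipaddress

def dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_reference(cert, reference):
    """Return (ok, reason) for one name or address that peers use to reach the server.
    cert is a dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SANs, never with DNS names or the CN.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "iPAddress SAN"
        return False, "no iPAddress SAN for this address"
    dns = [value for kind, value in sans if kind == "DNS"]
    if dns:
        ok = any(dns_match(value, reference) for value in dns)
        return ok, "dNSName SAN" if ok else "no dNSName SAN for this name"
    # Legacy fallback some verifiers still apply when no dNSName SAN is present.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(dns_match(cn, reference) for cn in cns)
    return ok, "subject CN (legacy fallback)" if ok else "no SAN or CN for this name"

# Constructed samples: the CN comes from the error message in the question; the address
# 192.0.2.10 and the SAN lists are assumptions standing in for the masked values.
SUBJECT = ((("countryName", "US"),), (("organizationName", "Test"),),
           (("commonName", "dna.test.intra"),))
CN_ONLY = {"subject": SUBJECT}
WITH_SANS = {"subject": SUBJECT,
             "subjectAltName": (("DNS", "dna.test.intra"), ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("with SANs", WITH_SANS)):
        for ref in ("192.0.2.10", "dna.test.intra"):
            ok, why = check_reference(cert, ref)
            print(f"{label:10} {ref:15} {'OK' if ok else 'MISMATCH'} ({why})")
```

Running the same check against every name and address that devices use to reach the server, before replacing a server certificate, shows which references would stop validating.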
