cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for Cisco DNA Center Resources to help you on your journey with Cisco DNA Center

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

570
Views
5
Helpful
2
Replies
Highlighted
Participant

DNAC Certificates

Hi,

 

Does anyone know if it is mandatory to change the DNAC self-signed certificate with one that us signed by an internal CA that contains the IP and FQDN in the SAN entry? I've read a number of setup guides and the requirement for this is not consistent.

 

Thanks

2 REPLIES 2
Cisco Employee

Re: DNAC Certificates

Hi  ,If CA signed,Both ISE & DNA-C certificate should be signed by same CA.Also please share the DNA-C and ISE version.

Cisco Employee

Re: DNAC Certificates

Hi Wills,

Cisco DNA Center uses a number of certificates, such as the certificates generated by Kubernetes and the certificate used by the Kong and Credential Manager services. These certificates are issued with a validity of one year. They expire a year after the cluster is installed.

 

In Cisco DNA Center 1.2.8 and later versions, these certificates are automatically renewed for another year before they are about to expire. The user need NOT take any manual action on these Cisco DNA Center versions. Users using these versions of Cisco DNA can skip this article.

 

In Cisco DNA Center 1.2.7 and previous versions, these certificates must be manually renewed by the user. It is recommended to renew the certificates before they expire.

Please contact sac-support@cisco.com for any further queries.

Hope this helps!

 

Regards,

Vibha Jha

Cisco Sales Acceleration Center

sac-support@cisco.com

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards