Stealthwatch: Self Generate Cert vs. CA cert

KelvinT
Level 5

Hello,

 

Is it best/common practice to install a customized certificate for Stealthwatch SMC, or is it recommended to use the original self-generated certificate? There isn't much documentation on this topic. I tried to use a CA cert in the lab and it was a royal pain.

 

Thanks

Accepted Solutions

Marvin Rhoads
Hall of Fame

It's more of a preference and policy issue than it is anything to do with the StealthWatch functionality.

Some organizations take the approach that anything that is secured with a certificate should have a proper one signed by a trusted CA. However, others say that since the only people interacting with the SMC are qualified security practitioners, they know that accepting the self-signed certificate is not a security risk in this case.

I lean towards the former camp but it does mean we have to increase our skills with certificates and CAs. Vendors could certainly do a better job at making it easier. I have at least a dozen very different methods for dealing with certificates just among the Cisco products I use. If I spend half a day wrestling with certificate configuration, that's half a day I'm not dealing with actual security issues.
