cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

639
Views
5
Helpful
8
Replies
Highlighted
Beginner

certificate issue with controllers after generate csr

Hello.

I'm in trouble with certification. I've installed a CA Server(Microsoft), and accord to documents get .cert certificate for vmanage-web and copy it in this path: "Setting" and then open "Controller Certificate Authorization" and select "Enterprise Root Certification" and select the cert file, Also filled entire items below the "Set CSR Properties".

After that open "Configurations" and then go to "Controllers" and after select vManage tap on "Install Certificate" and then select cert file for vmanage which gets from CA decode64 CSR code Generated and then click Install. After all of these steps I get this error :

error-.JPG

 

Please help. I will get crazy!!

8 REPLIES 8
Highlighted

Re: certificate issue with controllers after generate csr

 Re-generate CSR, Sign it again and install.

 

Thanks,

Srikanth

Highlighted
Beginner

Re: certificate issue with controllers after generate csr

I did it, but problem still exist.

Highlighted
Beginner

Re: certificate issue with controllers after generate csr

I solved the problem, but after click on Install certificate, one next page when it goes to scheduled I get this output error:

 

 

[8-Sep-2019 8:59:28 IRDT] Install Certificate, on device 35a1f932-44bb-4b31-9108-c839e268246f, started by user "admin" from IP address "192.168.42.44"
[8-Sep-2019 8:59:29 IRDT] Pushing serial list to vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:29 IRDT] Started processing serial list file on vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:30 IRDT] Completed processing serial list file on vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:31 IRDT] Done - Push vSmart List for vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:31 IRDT] Updated controllers with new certificate serial number of vManage-35a1f932-44bb-4b31-9108-c839e268246f
[8-Sep-2019 8:59:32 IRDT] Failed to process device request -
Error type : application
Error tag : operation-failed
Error Message : log : Error: root-ca-chain unable to validate the certificate... Aborting !
Error info : <error-info>
<bad-element>install</bad-element>
</error-info>

[8-Sep-2019 8:59:32 IRDT] Pushing serial list to vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:33 IRDT] Started processing serial list file on vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:34 IRDT] Completed processing serial list file on vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)
[8-Sep-2019 8:59:34 IRDT] Done - Push vSmart List for vManage-35a1f932-44bb-4b31-9108-c839e268246f (SIC-vManage)

Highlighted
Rising star

Re: certificate issue with controllers after generate csr

Did you install the root certificate?

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
Highlighted
Beginner

Re: certificate issue with controllers after generate csr

I guess no, how ?

Highlighted

Re: certificate issue with controllers after generate csr

You can install either via vManage or directly on vSmart using "request root-cert install" command.

 

Have a look at the below video for help.

https://youtu.be/UJEgiUck9vA

 

Thanks,

Srikanth

This video will show you how to install enterprise root-ca certificate in controllers of Cisco SD-WAN solution using vManage. #SDWAN #Cisco #SD-WAN #Training...
Highlighted
Beginner

Re: certificate issue with controllers after generate csr

I am facing same issue, could you please post the solution. It will highly appreciated.

Highlighted
Beginner

Re: certificate issue with controllers after generate csr

what's your exact problem? explain more.