Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1480
Views
20
Helpful
1
Replies

Cisco IOS-XE SDWAN C8000v device certificate re-install?

Go to solution
junglesman
Level 1
Level 1

‎02-25-2022 09:15 AM

Hello,

 

Is there a way to re-install a certificate of a virtual sd-wan edge router without decomissioning the device in vManage?

After some error the device certificate disappeared but on vManage it says certificate is installed. I could do a "request ... vedge_cloud activate" to have connection with vManage and vBond but still no control connection to the vSmart and cert is still not installed. I could re-install the root-ca-chain but that made no difference. The generated CSR (signing request) is visible in vManage but cannot generate a new one. On some routers the activate command + reload helped but not this one (same version..). This process is automated by default, when a new device is added vManage generates a CSR and signs it and installs it on the Edge but it seems this cannot be triggered but only with decomissioning and re-adding the device?

 

C8000V#request platform software sdwan vedge_cloud activate chassis-number ... token ...

C8000V#sh sdwan control local-properties

root-ca-chain-status Installed

certificate-status Not-Installed

 

------------------------------------------

Found this command on vmanage cli but not sure if this is what I'm looking for and if this would install the cert on the edge too:

 

vmanage# request vmanage-sign ?
Possible completions:
csr Sign the CSR and generate certificate

 

vmanage# request vmanage-sign csr ?
Possible completions:
file
path Path to the CSR
serial Serial number of the certificate, in hexadecimal
| Output modifiers

 

vmanage# request vmanage-sign csr file
Value for 'file' (<string>):

1 Accepted Solution

Accepted Solutions

Go to solution
junglesman
Level 1
Level 1

‎03-01-2022 03:49 AM

Okay, so probably there is no better option. I was asking this because I thought you have to re-bootstrap the device too but actually you can reactivate it without that:

 

1. Configuration/Devices/ find the vedge and use and click ... to Decommission WAN Edge, after that a new token will be generated

2. Use below command to re-activate the device:


request platform software sdwan vedge_cloud activate chassis-number <chassis-num> token <new_token>


After this certificate-status will be also installed and after some minutes the handshake with all vSmarts also happen

3. Re-attach the device template

 

 

Watch out for bug CSCvy59469 on 20.3.X controllers -> If you decommission a device, and add another after that (or the same) all connections will flap.

View solution in original post

1 Reply 1

Go to solution
junglesman
Level 1
Level 1

‎03-01-2022 03:49 AM

Okay, so probably there is no better option. I was asking this because I thought you have to re-bootstrap the device too but actually you can reactivate it without that:

 

1. Configuration/Devices/ find the vedge and use and click ... to Decommission WAN Edge, after that a new token will be generated

2. Use below command to re-activate the device:


request platform software sdwan vedge_cloud activate chassis-number <chassis-num> token <new_token>


After this certificate-status will be also installed and after some minutes the handshake with all vSmarts also happen

3. Re-attach the device template

 

 

Watch out for bug CSCvy59469 on 20.3.X controllers -> If you decommission a device, and add another after that (or the same) all connections will flap.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents