02-25-2022 09:15 AM
Hello,
Is there a way to re-install a certificate of a virtual SD-WAN edge router without decommissioning the device in vManage?
After some error the device certificate disappeared, but vManage says the certificate is installed. I could do a "request ... vedge_cloud activate" to have a connection with vManage and vBond, but there is still no control connection to the vSmart and the cert is still not installed. I could re-install the root-ca-chain but that made no difference. The generated CSR (signing request) is visible in vManage but I cannot generate a new one. On some routers the activate command + reload helped, but not this one (same version). This process is automated by default: when a new device is added, vManage generates a CSR, signs it and installs it on the Edge, but it seems this can only be triggered by decommissioning and re-adding the device?
C8000V#request platform software sdwan vedge_cloud activate chassis-number ... token ...
C8000V#sh sdwan control local-properties
root-ca-chain-status Installed
certificate-status Not-Installed
------------------------------------------
Found this command on the vManage CLI, but I'm not sure if this is what I'm looking for and if it would install the cert on the edge too:
vmanage# request vmanage-sign ?
Possible completions:
csr Sign the CSR and generate certificate
vmanage# request vmanage-sign csr ?
Possible completions:
file
path Path to the CSR
serial Serial number of the certificate, in hexadecimal
| Output modifiers
vmanage# request vmanage-sign csr file
Value for 'file' (<string>):
03-01-2022 03:49 AM
Okay, so probably there is no better option. I was asking this because I thought you have to re-bootstrap the device too but actually you can reactivate it without that:
1. Configuration/Devices/ find the vEdge and click ... to Decommission WAN Edge; after that a new token will be generated
2. Use the command below to re-activate the device:
request platform software sdwan vedge_cloud activate chassis-number <chassis-num> token <new_token>
After this, certificate-status will also be installed, and after some minutes the handshake with all vSmarts also happens
3. Re-attach the device template
Watch out for bug CSCvy59469 on 20.3.X controllers -> If you decommission a device, and add another after that (or the same) all connections will flap.
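Added example, not part of the original posts: a small Python check that reads saved `show sdwan control local-properties` output and flags routers in the state described in this thread (root CA chain installed, device certificate missing), which are the candidates for the decommission and re-activate procedure. The hostnames and captures are constructed, and only the two fields quoted in the thread are parsed.

```python
import re

# Constructed captures keyed by hypothetical hostnames. Only the two fields
# quoted in the thread are included; an empty capture models a failed collection.
SAMPLE_CAPTURES = {
    "edge-a": "root-ca-chain-status Installed\ncertificate-status Not-Installed\n",
    "edge-b": "root-ca-chain-status    Installed\ncertificate-status      Installed\n",
    "edge-c": "root-ca-chain-status Not-Installed\ncertificate-status Not-Installed\n",
    "edge-d": "",
}

# Match "<field> <value>" lines regardless of how much padding separates them.
FIELD_RE = re.compile(
    r"^\s*(root-ca-chain-status|certificate-status)\s+(\S+)\s*$", re.MULTILINE
)


def parse_local_properties(text):
    """Return the certificate-related fields found in one capture."""
    return dict(FIELD_RE.findall(text))


def classify(text):
    """Map one capture to a state an operator can act on."""
    props = parse_local_properties(text)
    root = props.get("root-ca-chain-status")
    cert = props.get("certificate-status")
    if root is None or cert is None:
        return "unknown"          # capture incomplete: re-collect before acting
    if root != "Installed":
        return "root-ca-missing"  # fix the root CA chain first
    if cert != "Installed":
        return "cert-missing"     # the state described in the thread
    return "ok"


def report(captures):
    """Classify every capture, ordered by hostname."""
    return {host: classify(text) for host, text in sorted(captures.items())}


if __name__ == "__main__":
    for host, state in report(SAMPLE_CAPTURES).items():
        print(f"{host}: {state}")
```

Because the first post notes that vManage can still report the certificate as installed, the check reads the router's own output rather than the controller's view.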