Cisco IOS-XE SDWAN C8000v device certificate re-install?

junglesman
Level 1

Hello,

Is there a way to re-install a certificate of a virtual SD-WAN edge router without decommissioning the device in vManage?

After some error the device certificate disappeared, but vManage says the certificate is installed. I could do a "request ... vedge_cloud activate" to get a connection with vManage and vBond, but there is still no control connection to the vSmart and the cert is still not installed. I could re-install the root-ca-chain, but that made no difference. The generated CSR (signing request) is visible in vManage, but I cannot generate a new one. On some routers the activate command + reload helped, but not on this one (same version..). This process is automated by default: when a new device is added, vManage generates a CSR, signs it and installs it on the Edge, but it seems this cannot be triggered except by decommissioning and re-adding the device?

C8000V#request platform software sdwan vedge_cloud activate chassis-number ... token ...

C8000V#sh sdwan control local-properties
root-ca-chain-status Installed
certificate-status Not-Installed

------------------------------------------

Found this command on the vManage CLI, but not sure if this is what I'm looking for and if this would install the cert on the edge too:

vmanage# request vmanage-sign ?
Possible completions:
csr Sign the CSR and generate certificate

vmanage# request vmanage-sign csr ?
Possible completions:
file
path Path to the CSR
serial Serial number of the certificate, in hexadecimal
| Output modifiers

vmanage# request vmanage-sign csr file
Value for 'file' (<string>):

Accepted Solutions

junglesman
Level 1

Okay, so probably there is no better option. I was asking this because I thought you have to re-bootstrap the device too, but actually you can reactivate it without that:

1. In Configuration/Devices/, find the vEdge and click ... to Decommission WAN Edge; after that a new token will be generated.

2. Use the command below to re-activate the device:

request platform software sdwan vedge_cloud activate chassis-number <chassis-num> token <new_token>

After this, certificate-status will also be installed, and after some minutes the handshake with all vSmarts also happens.

3. Re-attach the device template.

Watch out for bug CSCvy59469 on 20.3.X controllers -> If you decommission a device and add another after that (or the same), all connections will flap.

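A check to run on captured CLI text before and after the reactivation steps above, added here as an example and not part of the original posts or of any Cisco tooling: it parses `show sdwan control local-properties` output and reports whether the device is in the state described in the question (root CA chain installed, device certificate missing). The sample outputs are constructed from the two fields quoted in the thread, and the function names are hypothetical.

```python
"""Check certificate state in captured 'show sdwan control local-properties' text."""

# Constructed sample inputs: only the two fields quoted in the thread are used.
BEFORE = """\
C8000V#sh sdwan control local-properties
root-ca-chain-status Installed
certificate-status Not-Installed
"""
AFTER = """\
root-ca-chain-status        Installed
certificate-status          Installed
"""

FIELDS = ("root-ca-chain-status", "certificate-status")


def parse_properties(text):
    """Return {field: value} for the FIELDS found; prompts and other lines are ignored."""
    props = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in FIELDS:
            props[parts[0]] = parts[1].strip()
    return props


def cert_state(text):
    """Classify the device certificate state from the CLI output."""
    props = parse_properties(text)
    missing = [f for f in FIELDS if f not in props]
    if missing:
        # Truncated capture or wrong command: do not guess a state.
        return "unknown: missing " + ", ".join(missing)
    root, cert = (props[f].lower() for f in FIELDS)
    if root != "installed":
        return "root-ca-chain not installed"
    if cert != "installed":
        # State from the thread: chain present, device certificate gone.
        return "device certificate missing: reactivate with a new token"
    return "ok"


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", cert_state(sample))
```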