Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1160
Views
6
Helpful
24
Replies

Cisco SD WAN : Web Server Certificate

RS19
Level 4
Level 4

‎06-05-2024 11:51 PM

In my environment, Cisco SD-WAN Web server certficate is expiring. 

What is the impact if is expires ? What will happen if I dont renew it.

0 Helpful
24 Replies 24

balaji.bandi
Hall of Fame
Hall of Fame
In response to RS19

‎06-12-2024 03:30 PM

If you using same PKI - generate new cert and install on vManage.

https://www.cisco.com/c/en/us/support/docs/wan/dpt/220426-sd-wan-controllers-certificate-renewal-v.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

RS19
Level 4
Level 4
In response to balaji.bandi

‎06-25-2024 05:26 PM

Sorry Still unclear.

At present when I access the vManage, the certificate error is shown and then I can access it if I accept it and proceeed further.

So after the certificate expires will I be able to continue as same or will i be not able to access the vManage.

0 Helpful

RS19
Level 4
Level 4
In response to RS19

‎07-01-2024 05:07 PM

Any help ?

0 Helpful

Kanan Huseynli
VIP
VIP

‎07-02-2024 03:15 PM

Below is the guide about web-server certificate:

https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/217426-understand-the-web-certificate-for-vmana.html

The process is simple as in normal web sites. You generate certificate signing request for web server and provide file to CA owner. CA signs certificate and provides to you final actual certificate (Note: CA root certificate should in trusted be root CA list).

If you don't have relation to any CA, you my just generate self-signed CA

https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/215103-how-to-generate-self-signed-web-certific.html 

 

Answer to your last question: if web-server certification, technically nothing special happens. You can still access to vManage GUI.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

RS19
Level 4
Level 4
In response to Kanan Huseynli

‎07-09-2024 08:13 PM

I was testing this in the  Cisco Sand box.
I got the attached error. Any idea what is this  & how to resolve this ?

 

Preview file
29 KB
0 Helpful

RS19
Level 4
Level 4
In response to RS19

‎07-10-2024 12:59 AM

Any help or inputs ?

 

0 Helpful

RS19
Level 4
Level 4
In response to Kanan Huseynli

‎07-10-2024 05:54 AM

In the link which you have shared, under the problem heading, it says access to Graphical User Access to the Graphical User Interface (GUI) can be lost . 

I am still having concern that if certificate is expired, will the vManage will be still accessible or not ?

 

0 Helpful

Kanan Huseynli
VIP
VIP
In response to RS19

‎07-10-2024 07:02 AM

Hello,

recently in production, our vmanage cert has expired and we could access. Basically, it simple shows an error message that "certificate is not secure" (well-known browser page when you have problem with certificate).

Regarding openssl, I'm not sure at which level access is granted for sandbox user. You can do respective steps (create CA) on your linux machine or windows on linux.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

RS19
Level 4
Level 4
In response to Kanan Huseynli

‎07-10-2024 05:08 PM

I tried the same in my production. Getting the attached error message. Any idea what is this ?

PEM routines:get_header_and_data:bad end line:crypto/pem/pem_lib.c:841

 

0 Helpful

Kanan Huseynli
VIP
VIP
In response to RS19

‎07-11-2024 12:17 AM

What did you do and where do you see this error? Screen picture please

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Customers Also Viewed These Support Documents