SvenL
Beginner

How to manually install root PKI?

Hi,

I'm hitting a new bug:

Cisco PKI Root Certificates not Installed on 16.x Routers
CSCvr71672
 
Symptom:
CRTVERFL error during plug-and-play (PnP) process with cEdge Router.
'Show sdwan cert root-ca-cert' on the router does not show a Cisco CA.
Conditions:
- Cisco CA Configured on Controllers
- cEdge running 16.x code
Workaround:
Manual installation of Cisco Root PKI
 
I have no idea how to apply the workaround. Does anybody know?
 
Thanks,
SvenL.
Kanan Huseynli
Participant

Hi,

You need to add the root cert file to the router's memory. You can use any file transfer method, then run the command below:

request platform software sdwan root-cert-chain install [file_path]

Trick:

If you don't want to use a file transfer method, you can create a text file in IOS with a TCL script, then change its extension from .txt to .crt and run the above command. For example, you have a root-ca.crt file, which is the root certificate file. Open it on your computer with any text editor and copy/paste it into the relevant section (red line) of the script. Copy the whole script and paste it into the router's CLI in privileged EXEC (#) mode.

tclsh
puts [open "bootflash:test.txt" w+] {
COPY ROOT_CA TEXT FILE
}
tclquit

Rename the script in the CLI:

rename bootflash:test.txt bootflash:root-ca.crt

Then run:

request platform software sdwan root-cert-chain install bootflash:root-ca.crt

 

Regards,
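
Added example, not part of the reply above and not Cisco code: a workstation-side check to run before the install command, since the file becomes a trust anchor and a terminal paste can drop characters. It fingerprints each certificate's DER bytes rather than hashing the file, because the tclsh `puts {...}` paste adds blank lines around the text. The function names are hypothetical, the sample is constructed and is not a real certificate, and the trusted fingerprint is assumed to come from the vendor out of band; the input is the text read back from the router (for example with `more bootflash:root-ca.crt`).

```python
import base64
import binascii
import hashlib
import re

# Constructed sample, NOT a real certificate: 14 bytes shaped like a DER SEQUENCE.
SAMPLE_DER = b"\x30\x0c" + b"constructed!"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_BLOCK = re.compile(BEGIN + r"(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """SHA-256 fingerprint (hex) of each certificate's DER bytes in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks or pem_text.count(BEGIN) != len(blocks):
        raise ValueError("missing or truncated BEGIN/END CERTIFICATE block")
    prints = []
    for body in blocks:
        b64 = "".join(body.split())  # ignore line breaks and stray spaces
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"damaged base64 in certificate body: {exc}")
        if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE
            raise ValueError("decoded data is not a DER SEQUENCE")
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def safe_to_install(pem_text, trusted_fingerprints):
    """True only if every certificate in the file matches a trusted fingerprint."""
    trusted = {f.replace(":", "").lower() for f in trusted_fingerprints}
    return all(fp in trusted for fp in cert_fingerprints(pem_text))


if __name__ == "__main__":
    trusted = [hashlib.sha256(SAMPLE_DER).hexdigest()]  # stands in for the vendor value
    pasted = "\n" + SAMPLE_PEM + "\n"  # extra blank lines, as after the tclsh paste
    print(cert_fingerprints(pasted), safe_to_install(pasted, trusted))
```

A `ValueError` or a `False` result means the file on the router should not be passed to the install command until it has been re-transferred and re-checked.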