How to manually install root PKI?

SvenL
Level 1

Hi,

 

I'm hitting a new bug:

Cisco PKI Root Certificates not Installed on 16.x Routers
CSCvr71672
 
Symptom:
CRTVERFL error during plug-and-play (PnP) process with cEdge Router.
'Show sdwan cert root-ca-cert' on the router does not show a Cisco CA.
Conditions:
- Cisco CA Configured on Controllers
- cEdge running 16.x code
Workaround:
Manual installation of Cisco Root PKI
 
I have no idea how to apply the workaround. Does anybody know?
 
Thanks,
SvenL.
1 Reply

Hi,

 

You need to add the root cert file to the router's memory. You can use any file transfer method, then run the command below:

request platform software sdwan root-cert-chain install [file_path]

Trick:

If you don't want to use a file transfer method, you may create a text file in IOS with a TCL script, then change its extension from .txt to .crt and run the above command. For example, you have a root-ca.crt file, which is the root certificate file. Open it on your computer with any text editor and copy/paste it into the relevant section (red line) of the script. Copy the whole script and paste it into the router's CLI in privileged exec (#) mode.

tclsh
puts [open "bootflash:test.txt" w+] {
COPY ROOT_CA TEXT FILE
}
tclquit

Rename script in CLI:

rename bootflash:test.txt bootflash:root-ca.crt

Then run:

request platform software sdwan root-cert-chain install bootflash:root-ca.crt

 

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
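A pre-install check for the root-ca.crt file discussed above, as an added example that is not part of the original posts or of Cisco's tooling: it confirms the PEM text survived the copy/paste intact and prints a SHA-256 fingerprint to compare with one obtained from a trusted source before the file becomes a trust anchor. The function names and the sample certificate are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_total_length(der: bytes) -> int:
    """Total size announced by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                  # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_chain(pem_text: str) -> list:
    """SHA-256 fingerprint of each certificate block; ValueError if damaged."""
    bodies = PEM_BLOCK.findall(pem_text)
    if not bodies or len(bodies) != pem_text.count("-----BEGIN CERTIFICATE-----"):
        raise ValueError("missing or unbalanced BEGIN/END markers")
    fingerprints = []
    for body in bodies:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:      # binascii.Error is a ValueError
            raise ValueError(f"corrupt base64: {exc}") from None
        if der_total_length(der) != len(der):
            raise ValueError("certificate body truncated or padded")
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used only to build the sample)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

# Constructed stand-in: a DER SEQUENCE of filler bytes, not a real CA certificate.
SAMPLE_PEM = to_pem(b"\x30\x82\x01\x00" + bytes(range(256)))

if __name__ == "__main__":
    for fp in check_chain(SAMPLE_PEM):
        print(fp)   # compare with the fingerprint from a trusted source
```

The structure checks only show that the text was not damaged in transit; matching the fingerprint against an independently obtained value is what establishes that it is the intended CA.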
