Showing results for 
Search instead for 
Did you mean: 

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.


how to use default cisco CA for sd-wan?

how to use default cisco CA for sd-wan?

anyone please share the steps.



Rohit Raj
Events Top Contributor

What do you mean? If you have cloud-hosted controllers, then you don't need to worry about CA.

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Its on prem controller deployment and i want to use CISCO PKI. So what will be the step to use CISCO PKI?
Rohit Raj

ok so i got the answer that when i will select Cisco automated from controller certificate authorization it will use CISCO PKI through PnP portal but the conditions are following :-

1. vManage should reaches out via VPN 0 tp the PnP portal to submit the CSRs and retrieve signed certificated, also vManage also required internet connectivity.

2. you need to populate the smart account credentials before generating CSRs.

so this is the steps if anyone wants to use CISCO automated PKI.

BUT what if i can not provide internet connection to vManage, will in this case Am i allow to use  CISCO PKI manually?


if yes then kindly write the steps. Need help asap.



Rohit Raj

You need to manually upload the CSRs in Symantec portal dedicated for viptela and provide customer details. You will receive certificates over email, once your request is approved.


Let me see if I can get the URL for you or you can also check with your Cisco SE.




i am not allow to provide Internet to vManage, in this case am i allow to use manual CISCO PKI ? if yes then how ?
what will be the steps. could you please share the link or guide , so that i can follow .

kindly help.

Rohit Raj

For Cisco Cloud hosted controllers, Cisco relies on Symantec as Cert Authority. Now if you do not have internet access for vManage, generate CSRs from vManage, download the CSRs, upload it on Symantec portal, once request is approved, you will get the certificates on your email, and once you have the certificates, you will upload them to vmanage.

thanks for the reply !!
to use this url, does customer has to purchase the subscription from Symantec or its free?
customer has on prem controller deployment.

kindly answer.
Rohit Raj

Hey there,


You will have to pay for whatever is the certificate cost charged by Symantec.



Tushar Gaba

Content for Community-Ad