10-14-2023 02:34 AM
Hi, I am currently using vEdge version 20.3.1. I managed to onboard vEdge to vManage and did not create CSR on vEdge.
As shown in the steos below I successfully onboarded vEdge to vManage. I would like to confirm if there is a need to generate CSR on vEdge and have it signed by Root CA Server?
1) Configure the system parameters on vEdge, including:- configuring tunnel-interface & encapsulation ipsec
2) Download the Root Certificate onto vEdge
3) Install/Trust root CA certificate on vEdge:
vEdge# request root-cert-chain install /home/admin/CA.crt
4) Register vEdge to vManage, on vManage under Configuration -> Devices -> All Edge List -> Generate Bootstrap Configuration
5) Activate vEdge with:
vEdge# request vedge-cloud activate chassis-number 158c7134-18db-6625-5726-2e88d0ecb90f token 4fbe5e5df0ab435baa5abc9b09187808
Solved! Go to Solution.
10-17-2023 03:11 PM
Hi,
based on commands, you onboarded vedge-cloud. Certificate depends on settings in vmanage. Most probably you have vmanage-signed CA option and vmanage automatically generated CSR for the router and signed with internal CA of vmanage.
This is not signed by enterprise CA. For this, you need manually generate CSR sign and import certificate to device.
Go to Settings > Administration> Check for the option "WAN Edge Cloud Certificate Authorization". If it is "automated" , then it is vmanage based CA and it signs certificates.
10-14-2023 03:52 AM
Hello @Kenneth Goh,
While generating a CSR and having it signed by a Root CA can add an extra layer of security, the approach you've followed is valid for basic onboarding and connectivity to vManage.
10-16-2023 01:18 AM
10-17-2023 03:11 PM
Hi,
based on commands, you onboarded vedge-cloud. Certificate depends on settings in vmanage. Most probably you have vmanage-signed CA option and vmanage automatically generated CSR for the router and signed with internal CA of vmanage.
This is not signed by enterprise CA. For this, you need manually generate CSR sign and import certificate to device.
Go to Settings > Administration> Check for the option "WAN Edge Cloud Certificate Authorization". If it is "automated" , then it is vmanage based CA and it signs certificates.
10-19-2023 12:08 AM
Yes is automated!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide