Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
0
Helpful
4
Replies

Is there a need to generate a CSR on the vEdge router?

Go to solution
Kenneth Goh
Level 1
Level 1

‎10-14-2023 02:34 AM

Hi, I am currently using vEdge version 20.3.1. I managed to onboard vEdge to vManage and did not create CSR on vEdge.

As shown in the steos below I successfully onboarded vEdge to vManage. I would like to confirm if there is a need to generate CSR on vEdge and have it signed by Root CA Server?

1) Configure the system parameters on vEdge, including:- configuring tunnel-interface & encapsulation ipsec

2) Download the Root Certificate onto vEdge

3) Install/Trust root CA certificate on vEdge:

vEdge# request root-cert-chain install /home/admin/CA.crt

4) Register vEdge to vManage, on vManage under Configuration -> Devices -> All Edge List -> Generate Bootstrap Configuration

5) Activate vEdge with:

vEdge# request vedge-cloud activate chassis-number 158c7134-18db-6625-5726-2e88d0ecb90f token 4fbe5e5df0ab435baa5abc9b09187808

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎10-17-2023 03:11 PM

Hi,

based on commands, you onboarded vedge-cloud. Certificate depends on settings in vmanage. Most probably you have vmanage-signed CA option and vmanage automatically generated CSR for the router and signed with internal CA of vmanage.

This is not signed by enterprise CA. For this, you need manually generate CSR sign and import certificate to device.

Go to Settings > Administration> Check for the option "WAN Edge Cloud Certificate Authorization". If it is "automated" , then it is vmanage based CA and it signs certificates.

 
HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
M02@rt37
VIP
VIP

‎10-14-2023 03:52 AM

Hello @Kenneth Goh,

While generating a CSR and having it signed by a Root CA can add an extra layer of security, the approach you've followed is valid for basic onboarding and connectivity to vManage.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to M02@rt37

‎10-16-2023 01:18 AM

Hi, is there a way to verify that the vEdge has it's CSR signed by the Root CA Server? As since it was already successfully onboarded to vMansge.
0 Helpful

Go to solution
Kanan Huseynli
VIP
VIP

‎10-17-2023 03:11 PM

Hi,

based on commands, you onboarded vedge-cloud. Certificate depends on settings in vmanage. Most probably you have vmanage-signed CA option and vmanage automatically generated CSR for the router and signed with internal CA of vmanage.

This is not signed by enterprise CA. For this, you need manually generate CSR sign and import certificate to device.

Go to Settings > Administration> Check for the option "WAN Edge Cloud Certificate Authorization". If it is "automated" , then it is vmanage based CA and it signs certificates.

 
HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
Kenneth Goh
Level 1
Level 1
In response to Kanan Huseynli

‎10-19-2023 12:08 AM

KennethGoh_0-1697699275944.png

Yes is automated!

0 Helpful
Customers Also Viewed These Support Documents