Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
2
Replies

Root Certificate Query

knaik99
Level 1
Level 1

‎03-05-2023 10:56 AM

if Viptela router is working and we are going to add new Viptela router then can we copy root certificate from working Viptela router or Vmanage or Vbond?

if yes,then why do so ?

I think --each Viptela router has individual root certificate

0 Helpful
2 Replies 2

Dan Frey
Cisco Employee
Cisco Employee

‎03-06-2023 05:53 AM

Root chain certificates (rcc) must be the same across the entire SDWAN fabric including the control components and the routers.  If you are using the Cisco CA service then the rcc is embedded in the software, and if you are using enterprise CA the same rcc must be loaded on each device.   There is a field in network plug and play portal to load enterprise rcc so this task is automated with ZTP turn up.  Virtual devices (CAT8kv, vbond, vsmart, vmanage) can have the enterprise rcc loaded in the day0 file.

0 Helpful

Kanan Huseynli
VIP
VIP

‎03-07-2023 03:10 PM

Hi,

each device, normally, has root cert chain, but if you use enterprise CA for controller and/ or router certification, then you should push this information (your enterprise root CA) to other routers (also to controllers). This can be done via PNP/ZTP and also manually with CLI command.

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card