Re: SDWAN Edge Certificate Renewal

RicC · ‎11-11-2022

Greetings:

Browsing attempting to find the process or procedures to effectively renew edge certificates when they are approaching end life. is there anything close to a scep model that effectively provides a measure of automation.

operative word RENEW on Edge

Learning101 · ‎05-12-2025

Hi,

2025 and i'm having the same issue, is there a way to use Enterprise CA with SCEP for Edge onboarding.

Did you solve your issue ?

Best regards

Dan Frey · ‎05-12-2025

There is vmanage API to renew the CSR which will update the certificate on the edge device.

endpoint:

https://192.168.0.156/dataservice/certificate/generate/wanedge/csr

POST

payload = {"deviceUUID":"C8K-9B46A13F-BDDA-B138-7EF2-12345667XXB"}

Learning101 · ‎05-13-2025

Thank you for the reply, I am aware than we can use apis to get CSR, signed it and sent it back to the edge.

But because there is an option "Certificate Authority: Enterprise CA with SCEP" in Manager I presumed there already is an automation made in Manager to cover those kind of scenarios.

For example in IOS this is covered with certificate enrollment procedure, where we can set enrollment retry , auto-enrollment and other attributes so the certificate enrollment is automatic and not manual.

Learning101 · ‎05-14-2025

Hi,

for anyone who is wondering if it's possible to do automation with scep to retrieve certificates from CA, i got a definite answer that this is currently unsupported feature.

The solution for issuing and renewal of Certificates is use of API, we were able write python scripts to automate this procedure to certain degree.

Best regards