
Unable to generate root-cert-chain in vBond version 16.2.11

ParthaSarathi
Level 1

Hi All,

I have built my SD-WAN lab in EVE-NG just to practice some basic stuff. I am trying to install manual certification on the vBond through XCA, but I am encountering this error every time. I am using the quite old IOS 16.2.11 as I don't have a smart account.

Please can anyone help me with this? I am only facing this issue on the vBond, while vManage and vSmart are working properly.

 vbond:~$ ls -l
total 12
-rw-r--r-- 1 admin admin 1400 Jul 4 07:38 RootCA.pem
-rw-r--r-- 1 admin admin 392 Jul 4 09:13 archive_id_rsa.pub
-rw-r--r-- 1 root root 1208 Jul 2 22:20 vbond_csr
vbond:~$ exit
exit
vbond# request root-cert-chain install /home/admin/RootCA.pem
Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCA.pem via VPN 0
Error: Cannot upload root certificate file on a software vedge. Please use Viptela approved symantec signed certificates.
Failed to install the root certificate chain !!

 

 

vsmart:~$ ls -l
total 8
-rw-r--r-- 1 admin admin 1421 Jul 4 10:44 RootCA.pem
-rw-r--r-- 1 admin admin 393 Jul 4 09:13 archive_id_rsa.pub
vsmart:~$ exit
exit
vsmart# request root-cert-chain install /home/admin/RootCA.pem
Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCA.pem via VPN 0
Successfully installed the root certificate chain
vsmart#

 

 


EfoseIkhalo
Level 1

Check the system config of your vBond. Are you using the vBond as the CA?

Edit the vBond config to "vbond {vbond IP} local vbond-only". For example: vbond 199.1.1.3 local vbond-only.

Then retry installing the manual certificate on the vBond.

 

balaji.bandi
Hall of Fame

If the vBond is acting as the root server, you do not need to request a cert for the root.

##Use vshell / viptela_cli to switch between shell and cli modes
vBond# vshell
vBond:~$ openssl genrsa -out ROOTCA.key 2048
Generating RSA private key, 2048 bit long modulus
........+++..............................................+++
e is 65537 (0x10001)

vBond:~$ openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 1024 \
> -subj "/C=UK/ST=LON/L=LON/O=BBLAB/CN=BB.LOCAL" \
> -out ROOTCA.pem

vBond:~$ ls -l   # check that ROOTCA.key and ROOTCA.pem are available


# Execute the following command in CLI mode on all devices
request root-cert-chain install scp://admin@vsmartip:/home/admin/ROOTCA.pem vpn 0

Check the cert on the vSmart once the above step has completed successfully.

vSmart# show certificate root-ca-cert

BB
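
An added example, not part of the thread or of any poster's reply: the lab root from the openssl commands above, a certificate signed from a CSR, and two checks to run before `request root-cert-chain install` (does the signed certificate chain to the root, and do all controllers hold the same root by SHA-256 fingerprint; the RootCA.pem listings in the question are 1400 and 1421 bytes). The function names, directory layout and the `vbond.lab.example` subject are assumptions made for the demo, and the CSR is a constructed stand-in for a device-generated file such as vbond_csr.

```shell
#!/bin/sh
# Added example: lab root CA, a signed controller cert, and pre-install checks.
# File names and the device subject are constructed for this demo.

# Create the self-signed lab root with the same openssl commands as the reply.
make_root() {  # $1 = CA directory
    openssl genrsa -out "$1/ROOTCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -key "$1/ROOTCA.key" -sha256 -days 1024 \
        -subj "/C=UK/ST=LON/L=LON/O=BBLAB/CN=BB.LOCAL" -out "$1/ROOTCA.pem"
}

# Constructed stand-in for a controller CSR (the real one comes from the device).
make_csr() {  # $1 = directory, $2 = device name
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" \
        -subj "/C=UK/O=BBLAB/CN=$2.lab.example" -out "$1/$2.csr"
}

# Sign a CSR with the lab root (the step XCA performs through its GUI).
sign_csr() {  # $1 = CA directory, $2 = CSR file, $3 = output certificate
    openssl x509 -req -in "$2" -CA "$1/ROOTCA.pem" -CAkey "$1/ROOTCA.key" \
        -CAcreateserial -sha256 -days 365 -out "$3" 2>/dev/null
}

# Succeeds only when the certificate verifies against the given root file.
chains_to() {  # $1 = root PEM, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# SHA-256 fingerprint of a root file; compare this value across controllers.
root_fp() {  # $1 = root PEM
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run in a scratch directory.
d=$(mktemp -d) && mkdir "$d/ca" && make_root "$d/ca" && make_csr "$d" vbond &&
    sign_csr "$d/ca" "$d/vbond.csr" "$d/vbond.crt" &&
    chains_to "$d/ca/ROOTCA.pem" "$d/vbond.crt" &&
    echo "chain OK, root fingerprint $(root_fp "$d/ca/ROOTCA.pem")"
```

A certificate that fails `chains_to` against the root installed on a controller was signed by a different root key, even if the subject names match.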
