07-04-2020 02:30 AM - edited 07-04-2020 03:46 AM
Hi All
I have built my SWAN lab in EVE-NG just to practice some basic stuff. I am trying to install manual certification on the vBond
through XCA, but I am encountering this error every time. I am using quite an old IOS, 16.2.11, as I don't have a smart account.
Can anyone please help me with this? I am only facing this issue on the vBond, while vManage and vSmart are working properly.
vbond:~$ ls -l
total 12
-rw-r--r-- 1 admin admin 1400 Jul 4 07:38 RootCA.pem
-rw-r--r-- 1 admin admin 392 Jul 4 09:13 archive_id_rsa.pub
-rw-r--r-- 1 root root 1208 Jul 2 22:20 vbond_csr
vbond:~$ exit
exit
vbond# request root-cert-chain install /home/admin/RootCA.pem
Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCA.pem via VPN 0
Error: Cannot upload root certificate file on a software vedge. Please use Viptela approved symantec signed certificates.
Failed to install the root certificate chain !!
vsmart:~$ ls -l
total 8
-rw-r--r-- 1 admin admin 1421 Jul 4 10:44 RootCA.pem
-rw-r--r-- 1 admin admin 393 Jul 4 09:13 archive_id_rsa.pub
vsmart:~$ exit
exit
vsmart# request root-cert-chain install /home/admin/RootCA.pem
Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/RootCA.pem via VPN 0
Successfully installed the root certificate chain
vsmart#
11-18-2023 07:05 AM
Check the system config of your vBond. Are you using the vBond as the CA?
Edit the vBond config to "vbond {vbond IP} local vbond-only", for example: vbond 199.1.1.3 local vbond-only.
Then retry installing the manual certificate on the vBond.
11-18-2023 09:40 AM
If the vBond is acting as the root server, you do not need to request a cert for root.
## Use vshell / viptela_cli to switch between shell and CLI modes
vBond# vshell
vBond:~$ openssl genrsa -out ROOTCA.key 2048
Generating RSA private key, 2048 bit long modulus
........+++..............................................+++
e is 65537 (0x10001)
vBond:~$ openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 1024 \
> -subj "/C=UK/ST=LON/L=LON/O=BBLAB/CN=BB.LOCAL" \
> -out ROOTCA.pem
$ ls -l   # check that ROOTCA.key and ROOTCA.pem are available
# Execute the following command in CLI mode on all devices
request root-cert-chain install scp://admin@vsmartip:/home/admin/ROOTCA.pem vpn 0
Check the cert on vSmart once the above step has completed successfully.
vSmart# show certificate root-ca-cert
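
A pre-install check for the lab root CA generated in the last reply, as an added example that is not part of the original thread: it confirms a PEM is a self-signed root, prints its SHA-256 fingerprint so the copy on each controller can be compared, and checks that a signed device certificate chains to that root. The helper names, the `OTHER` root and the `vbond` CSR are constructed for illustration and run in a temporary directory on any host with `openssl`.

```shell
#!/bin/sh
# Added example: sanity checks for a lab root CA before installing it on controllers.
# Helper names and the OTHER root / vbond CSR are constructed for illustration.

make_root() {   # $1 = output prefix, $2 = CN; same openssl options as the reply above
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -key "$1.key" -sha256 -days 1024 \
        -subj "/C=UK/ST=LON/L=LON/O=BBLAB/CN=$2" -out "$1.pem" 2>/dev/null
}

make_csr() {    # $1 = output prefix, $2 = CN (stand-in for a device CSR)
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/C=UK/ST=LON/L=LON/O=BBLAB/CN=$2" -out "$1.csr" 2>/dev/null
}

sign_csr() {    # $1 = root prefix, $2 = device prefix
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 365 -out "$2.crt" 2>/dev/null
}

fingerprint() { # SHA-256 fingerprint; identical on every device if the root is the same
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

is_self_signed() {  # subject == issuer and the signature verifies under its own key
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

chains_to() {   # $1 = root PEM, $2 = device certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_root "$d/ROOTCA" BB.LOCAL && make_root "$d/OTHER" OTHER.LOCAL &&
        make_csr "$d/vbond" vbond.bb.local && sign_csr "$d/ROOTCA" "$d/vbond" || return 1
    echo "ROOTCA.pem sha256: $(fingerprint "$d/ROOTCA.pem")"
    is_self_signed "$d/ROOTCA.pem" && echo "ROOTCA.pem is a self-signed root"
    chains_to "$d/ROOTCA.pem" "$d/vbond.crt" && echo "vbond.crt chains to ROOTCA.pem"
    chains_to "$d/OTHER.pem" "$d/vbond.crt" || echo "vbond.crt rejected under OTHER.pem"
    rm -rf "$d"
}

demo
```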