Network Digger
Beginner

Understanding Router Certificates

Hello,

 

I have a question please about the SDWAN router certificates. Can someone answer the below please:

1. The routers need only 2 certificates, the Root Certificate (from the CA) and the Device Certificate?

2. The Device Certificate is manufactured by Cisco during the order?

3. Is the Root Certificate mandatory? Or the Device Certificate is enough?

 

Appreciate your clarification please, thank you.

1 REPLY
nriv
Beginner

 

Are there two separate certs? There's the root cert that's usually pre-installed, or you can use a separate CA to install your own cert on the Edge routers manually. When I see device cert in the CVD guide it refers to the mode the cert is in - staging, valid, or invalid.

 

From the Onboarding Edge Device CVD:

- Physical WAN Edge devices have either a Symantec/DigiCert or Cisco PKI root certificate pre-installed during the device manufacturing.

- You can also install an enterprise root CA certificate.

- ASR1002-Xs and virtual WAN Edge devices do not have root certificates preinstalled and need a one-time password.

 

CVD: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deploy-guide-2020jan.pdf