Understanding Router Certificates

Hello,

 

I have a question, please, about the SDWAN router certificates. Can someone answer the below, please:

1. The routers need only 2 certificates, the Root Certificate (from the CA) and the Device Certificate?

2. The Device Certificate is manufactured by Cisco during the order?

3. Is the Root Certificate mandatory? Or the Device Certificate is enough?

 

Appreciate your clarification please, thank you.


Re: Understanding Router Certificates

 

Are there two separate certs? There's the root cert that's usually pre-installed, or you can use a separate CA to install your own cert on the Edge routers manually. When I see device cert in the CVD guide it refers to the mode the cert is in - staging, valid, or invalid.

 

From the Onboarding Edge Device CVD:

- Physical WAN Edge devices have either a Symantec/DigiCert or Cisco PKI root certificate pre-installed during the device manufacturing.
- You can also install enterprise root CA certificates.
- ASR1002-Xs and virtual WAN Edge devices do not have root certificates preinstalled and need a one-time password.

 

CVD: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deploy-guide-2020jan.pdf