
Understanding Router Certificates

Hello,

 

I have a question, please, about the SD-WAN router certificates. Can someone answer the below, please:

1. The routers need only 2 certificates, the Root Certificate (from the CA) and the Device Certificate?

2. The Device Certificate is manufactured by Cisco during the order?

3. Is the Root Certificate mandatory? Or the Device Certificate is enough?

 

Appreciate your clarification please, thank you.

1 REPLY 1

 

Are there two separate certs? There's the root cert that's usually pre-installed, or you can use a separate CA to install your own cert on the Edge routers manually. When I see device cert in the CVD guide it refers to the mode the cert is in - staging, valid, or invalid.

 

From the Onboarding Edge Device CVD:

- Physical WAN Edge devices have either a Symantec/DigiCert or Cisco PKI root certificate pre-installed during the device manufacturing.

- You can also install enterprise root CA certificates.

- ASR1002-Xs and virtual WAN Edge devices do not have root certificates preinstalled and need a one-time password.

 

CVD: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deploy-guide-2020jan.pdf

 

 
