Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1844
Views
0
Helpful
1
Replies

Understanding Router Certificates

Network Digger
Level 1
Level 1

‎04-07-2020 08:23 AM

Hello,

 

I have a question please about the SDWAN routers certificates, can some one answer the below please:

1. The routers need only 2 certificates, the Root Certificate (from the CA) and the Device Certificate?

2. The Device Certificate is manufactured by Cisco during the order?

3. Is the Root Certificate mandatory? Or the Device Certificate is enough?

 

appreciate your clarification please, thank you

Labels:
0 Helpful
1 Reply 1

nriv
Level 1
Level 1

‎04-10-2020 01:48 PM

 

Are there two separate certs? There's the root cert that's usually pre-installed, or you can use a separate CA to install your own cert on the Edge routers manually. When I see device cert in the CVD guide it refers to the mode the cert is in - staging, valid, or invalid.

 

From the Onboarding Edge Device CVD:

 - Physical WAN Edge devices have either a Symantec/DigiCert or Cisco PKI root certificate pre-installed during the device manufacturing.

- You can also install an enterprise root CA certificates.

-  ASR1002-Xs and virtual WAN Edge devices do not have root certificates preinstalled and need a one time password.

 

CVD: https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sd-wan-wan-edge-onboarding-deploy-guide-2020jan.pdf

 

 

0 Helpful
Customers Also Viewed These Support Documents