vEdge certificate installation failed

Been banging my head against the wall this week. I have reset and redeployed a vEdge about 10 times with the same result.

Running SDWAN software 20.3.2 on all controllers and vEdges. Within vManage I always get an error of "Certificate Installation Failed" on the vEdge that I am deploying. 

vEdge-04# show control local-properties
personality                       vedge
sp-organization-name              TNT-SDWAN-LAB
organization-name                 TNT-SDWAN-LAB
root-ca-chain-status              Installed

certificate-status                Not-Installed
certificate-validity              Not Applicable
certificate-not-valid-before      Not Applicable
certificate-not-valid-after       Not Applicable

dns-name                          223.1.1.11
site-id                           4
domain-id                         1
protocol                          dtls
tls-port                          0
system-ip                         10.4.0.1
chassis-num/unique-id             a0318757-da23-****96b4-0b0edbafe4cf
serial-num                        No certificate installed
subject-serial-num                N/A
token                             c794306771624a01afb****56d1fde9b
keygen-interval                   1:00:00:00
retry-interval                    0:00:00:15
no-activity-exp-interval          0:00:00:20
dns-cache-ttl                     0:00:02:00
port-hopped                       TRUE
time-since-last-port-hop          0:00:38:40
pairwise-keying                   Disabled
embargo-check                     success
cdb-locked                        false
number-vbond-peers                1

INDEX   IP                                      PORT
-----------------------------------------------------
0       223.1.1.11                              12346

number-active-wan-interfaces      1


 NAT TYPE: E -- indicates End-point independent mapping
           A -- indicates Address-port dependent mapping
           N -- indicates Not learned
           Note: Requires minimum two vbonds to learn the NAT type

                                                                                                                                                     RESTRICT/          LAST                          VM
                         PUBLIC          PUBLIC PRIVATE         PRIVATE                                 PRIVATE                              MAX     CONTROL/           LAST         SPI TIME    NAT  CON
INTERFACE                IPv4            PORT   IPv4            IPv6                                    PORT     VS/VM COLOR           STATE CNTRL   STUN        LR/LB  CONNECTION   REMAINING   TYPE PRF
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ge0/0                    192.1.4.2       12366  192.1.4.2       ::                                      12366    0/1  public-internet  up     2     yes/yes/no   No/No  0:00:00:13   0:11:50:14  N    5

vEdge-04# show control connections
                                                                                       PEER                                          PEER                                          CONTROLLER
PEER    PEER PEER            SITE       DOMAIN PEER                                    PRIV  PEER                                    PUB                                           GROUP
TYPE    PROT SYSTEM IP       ID         ID     PRIVATE IP                              PORT  PUBLIC IP                               PORT  LOCAL COLOR     PROXY STATE UPTIME      ID
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond   dtls 0.0.0.0         0          0      223.1.1.11                              12346 223.1.1.11                              12346 public-internet -     up     0:00:09:54  0
vmanage dtls 10.100.0.1      100        0      223.1.1.10                              12746 223.1.1.10                              12746 public-internet No    up     0:00:09:53  0

vEdge-04#

Anyone know where to check why the cert install is failing? I have only worked with 18.4.5, which doesn't require a WAN edge list. With that version I would essentially do a manual cert install on vEdges: download the root-ca and install it, generate a CSR on the vEdge, take that CSR and use it to create a cert at my IOS-XE CA with the crypto pki server commands, then come back to the vEdge, paste the cert into a cert.txt file, and install that file with request commands on the vEdge.

Is this the same process on 20.x?
