cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

1717
Views
0
Helpful
5
Replies
Highlighted
Cisco Employee

vEdge onboarding , "ERR_CERT_VER_FAIL" in vBond

Hi,

 

i'm trying to bring up the control plan (manual)

vManage->settings->Enterprise Root Certificate

using openssl, creating self signed certificate (CA) and installed in vManage.

vSmart and vBond  but validated and control connections are up between vManage, vSmart, vBond.

 

Now, while adding vEdge:

1. installed vEdge, using "show certificate serial" got the chassis number

2. signing is done to get .viptela file with this serial number

3. in vManage,  upload WAN edge list, used the .viptela file

4. got the token visible in the UI and in all three , could see the device listed in "show valid-vedge" 

5. did generate bootstrap , copied the OTP

6. inside the vEdge cloud, 

6.1  installed the root CA for certificate root-chain

6.2. issued the command "request vedge-cloud activate chassis << chassis >> token <<OTP>>

 

Now i'm expecting the vBond to come into picture and validate the device , which is not happening


from logs saw:

local7.info: Apr 11 16:01:52 vBond VBOND[2229]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 4/11/2019 16:1:52 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:194.168.1.51 uuid:"6DFF7A3C-466D-4A5A-9CF0-C96ACB99B58C" organization-name:"<<removed>>" sp-organization-name:"<<removed>>" reason:"ERR_CERT_VER_FAIL"

This is sure of certificate issue, just wondering  what is the certificate install step missed ?

Also checked:

1.  request csr upload vedge.csr

2. using openssl and root CA certificate, created  vEdge.crt and installed  ... this also doesn't work

 

Any help ?

 

 

 

 

 

5 REPLIES 5
Highlighted
Cisco Employee

Here is the link to great article by Shankar about troubleshooting control connections:

 

https://community.cisco.com/t5/networking-documents/sd-wan-routers-troubleshoot-control-connections/ta-p/3813237

Highlighted
Enthusiast

Do you have a valid NTP server configured & is it accessible on VPN0? Time being off can cause this issue and has bit me in the past.

Highlighted

I have ntp server in vpn512, is it valid?

Highlighted
Beginner

Where you able to fix the "reason=ERR_CERT_VER_FAIL" issue? How?

Highlighted

I did the following to solve this issue for me:

 

1) I went to the vMnage: Administration | Settings | WAN Edge Cloud Certificate Authorization and set it to Manual.

 

Then using the CLI on the vEdge Cloud device, I entered "show certificate root-ca-cert"

I realized the CA cert was not the correct one, then I fixed that, and made sure it was the correct one this time.

I finally issued the "request vedge-cloud activate chassis-number ..." command and waited for like 2 min.

The vEdge was finally authenticated by the vBond.

 

Then on vManage I went to CONFIGURATION | CERTIFICATES and downloaded the vEdge CSR, I signed it using the XCA, and installed the cert. After like 3min the vEdge is now reachable and up in the vManage.

 

I have to say you need lots of patient with these processes.... and all the help you can find. BTW: I am using 18.4.5 Viptela versions. Good luck everyone!

 

 

 

Content for Community-Ad
This widget could not be displayed.