I'm trying to bring up the control plane (manual)
vManage->settings->Enterprise Root Certificate
Using openssl, created a self-signed certificate (CA) and installed it in vManage.
vSmart and vBond both validated and control connections are up between vManage, vSmart, vBond.
Now, while adding vEdge:
1. installed vEdge, using "show certificate serial" got the chassis number
2. signing is done to get .viptela file with this serial number
3. in vManage, upload WAN edge list, used the .viptela file
4. got the token visible in the UI and in all three, could see the device listed in "show valid-vedge"
5. did generate bootstrap, copied the OTP
6. inside the vEdge cloud,
6.1 installed the root CA for certificate root-chain
6.2. issued the command "request vedge-cloud activate chassis << chassis >> token <<OTP>>"
Now I'm expecting the vBond to come into the picture and validate the device, which is not happening.
From the logs I saw:
local7.info: Apr 11 16:01:52 vBond VBOND: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 4/11/2019 16:1:52 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:18.104.22.168 uuid:"6DFF7A3C-466D-4A5A-9CF0-C96ACB99B58C" organization-name:"<<removed>>" sp-organization-name:"<<removed>>" reason:"ERR_CERT_VER_FAIL"
This is surely a certificate issue; just wondering which certificate install step was missed?
1. request csr upload vedge.csr
2. using openssl and root CA certificate, created vEdge.crt and installed ... this also doesn't work
Any help?
Here is the link to a great article by Shankar about troubleshooting control connections:
Do you have a valid NTP server configured & is it accessible on VPN0? Time being off can cause this issue and has bit me in the past.
I have ntp server in vpn512, is it valid?
Were you able to fix the "reason=ERR_CERT_VER_FAIL" issue? How?
I did the following to solve this issue for me:
1) I went to the vManage: Administration | Settings | WAN Edge Cloud Certificate Authorization and set it to Manual.
Then using the CLI on the vEdge Cloud device, I entered "show certificate root-ca-cert"
I realized the CA cert was not the correct one, then I fixed that, and made sure it was the correct one this time.
I finally issued the "request vedge-cloud activate chassis-number ..." command and waited for like 2 min.
The vEdge was finally authenticated by the vBond.
Then on vManage I went to CONFIGURATION | CERTIFICATES and downloaded the vEdge CSR, I signed it using the XCA, and installed the cert. After like 3min the vEdge is now reachable and up in the vManage.
I have to say you need lots of patience with these processes.... and all the help you can find. BTW: I am using 18.4.5 Viptela versions. Good luck everyone!
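The fix above came down to the vEdge holding a root CA other than the one that signed the certificates. As an added example (not part of the thread), the same mismatch can be rehearsed offline with openssl: sign a CSR with one root, then verify it against that root and against a different one. The organization name, CA names and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example; org name, CA names and file names are constructed.

# make_ca DIR NAME: self-signed root CA (NAME.key, NAME.pem) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=example-org/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# sign_csr DIR CA NAME: make a key + CSR for NAME and sign it with CA,
# the same step as signing the CSR downloaded from vManage.
sign_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=example-org/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# chain_ok ROOT CERT: true only if CERT chains to ROOT and is inside its
# validity window on this host's clock (a skewed clock fails here too).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# fingerprint CERT: SHA-256 fingerprint, for comparing the root CA file
# used for signing with the one a device actually has installed.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" right-ca && make_ca "$d" wrong-ca &&
    sign_csr "$d" right-ca vedge || return 1
    for ca in right-ca wrong-ca; do
        if chain_ok "$d/$ca.pem" "$d/vedge.crt"; then r=OK; else r=FAIL; fi
        echo "$ca $(fingerprint "$d/$ca.pem") -> $r"
    done
    rm -rf "$d"
}
demo
```

The fingerprint printed for the signing root can be compared by eye with the certificate shown by "show certificate root-ca-cert" on the device.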