xshant
Beginner

Viptela Vmanage

I installed vManage on a virtual machine. On vManage I selected manual root certificate and generated a certificate with "Generate CSR"; it generated a .csr file. Now I wanted to install this certificate for vManage, and when uploading the certificate it gives me an error saying "cannot decrypt serial number from the certificate". Where do I get the serial number? It's a VM. Is this the right way to do it? Do I need to install this certificate for vManage?

48 REPLIES

Can you please suggest some other tools for Windows? I'm also facing the same error, shown below, while opting for Automated Symantec:

 

Unable to get response from signing server https://certmanager-webservices.websecurity.symantec.com/vswebservices/rest/services/enroll

Hi,

 

I'm facing a similar problem with my vEdges Cloud.

 

Following the expiration of my lab's root CA, I regenerated it and rebuilt the controllers correctly (1x vManage, 1x vSmart, 1x vBond). Unfortunately, I cannot get the control plane of the vEdges cloud back up... I'm constantly getting the following error from the vBond, even though I can see the serial numbers are valid on the vBond when I type show orchestrator valid-vedges.

 

I also uploaded the new ca.cert to the vEdges as well, and even regenerated the licenses from the Smart Account with the good root CA certificate... I also checked the NTP synchronization...

 

Here is the error seen from the vbond:

 

host name: vBond
uuid: hidden
organization name: hidden
sp organization-name: hidden
reason: ERR_BID_NOT_VERIFIED

 

And from the vEdges:

 

vEdge11# show control connections-history
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN BIDNTVRFD 5 2019-10-25T10:22:04+0000
vmanage tls 172.20.2.50 1 0 10.0.0.1 23556 10.0.0.1 23556 default tear_down VM_TMO NOERR 0 2019-10-25T10:18:35+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up RXTRDWN VECRTREV 0 2019-10-25T10:18:23+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default challenge_resp RXTRDWN SERNTPRES 0 2019-10-25T10:17:51+0000
vmanage tls 172.20.2.50 1 0 10.0.0.1 23456 10.0.0.1 23456 default tear_down VM_TMO NOERR 0 2019-10-25T10:17:51+0000
vbond dtls 0.0.0.0 0 0 10.0.0.2 12346 10.0.0.2 12346 default up

 

 

On the vEdge side, we can see the error VSCRTREV, pointing to a certificate revoked/invalidated on the vEdge/vSmart, but I also requested the root-ca reinstall with the good one so... I'm quite lost :)

 

From the vBond, we can see the following debug messages:

 

vBond# debug vdaemon misc high
vBond# show log /var/log/tmplog/vdebug tail -f
[...]
%VDAEMON_DBG_MISC-1: Peer's Certificate serial number not found in vedge-list
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:172.20.2.51 uuid:"<hidden>" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:172.20.2.51 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:172.20.2.51 local-color:default reason:"ERR_BID_NOT_VERIFIED"

 

 

Any ideas? 

Thanks

I resolved my issue, here is how.

 

Even though I had installed my new root CA via the CLI with this command:

vmanage# request root-cert-chain install /home/admin/ca.crt

and resynced my vManage DB via https://<ip>/dataservice/system/device/sync/rootcertchain, it appeared that the root CA was still the previous one at Administration > Settings > Controller Certificate Authorization (Edit). (Is it a bug or something? I'm on Platform Version: 18.4.1.)

 

After replacing it in the GUI and regenerating the bootstrap configs via Config > Devices, plus request vedge-cloud activate from the vEdges, they were finally able to bring up the control plane.

 

Before that, as I already said, the clocks were synchronized and the certificates were valid from the vBond (visible as valid via the command show orchestrator valid-vedges).

 

Hope this helps...

Hi Benoit, I had the same issue with 20.1. Resolved using your post. Thanks a lot!
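
An added example, not part of the thread and not Cisco tooling: a small Python parser for the vBond notification lines quoted above that counts rejections by host, event and reason, so a burst of ERR_BID_NOT_VERIFIED after a root CA change stands out. The sample lines are copied from the excerpt in the thread; the function names and the threshold are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines copied from the vBond log excerpt quoted in the thread (already redacted there).
SAMPLE_LOG = """\
%VDAEMON_DBG_MISC-1: Peer's Certificate serial number not found in vedge-list
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:172.20.2.51 uuid:"<hidden>" organization-name:"<hidden>" sp-organization-name:"<hidden>" reason:"ERR_BID_NOT_VERIFIED"
local7.info: Oct 25 14:41:54 vBond VBOND[1599]: %Viptela-vBond-vbond_0-6-INFO-1400002: Notification: 10/25/2019 14:41:54 control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:172.20.2.51 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:172.20.2.51 local-color:default reason:"ERR_BID_NOT_VERIFIED"
"""

# "Notification: <date> <time> <event-name> key:value ..." as seen in the excerpt.
NOTIF_RE = re.compile(r"Notification: (\S+ \S+) (\S+) (.*)$")
# Values are either double-quoted (may contain spaces) or a bare token such as "::".
FIELD_RE = re.compile(r'([\w-]+):("([^"]*)"|\S*)')
# The two event names that appear in the excerpt; extend for other events you track.
AUTH_EVENTS = {"vbond-reject-vedge-connection", "control-connection-auth-fail"}


def parse_notification(line):
    """Return the notification as a dict, or None for lines that are not notifications."""
    m = NOTIF_RE.search(line)
    if m is None:
        return None
    when, event, rest = m.groups()
    fields = {k: (quoted if raw.startswith('"') else raw)
              for k, raw, quoted in FIELD_RE.findall(rest)}
    return {**fields, "time": when, "event": event}


def summarize_auth_failures(log_text):
    """Count rejections per (host-name, event, reason)."""
    counts = Counter()
    for line in log_text.splitlines():
        n = parse_notification(line)
        if n and n["event"] in AUTH_EVENTS:
            key = (n.get("host-name", "unknown"), n["event"], n.get("reason", "unknown"))
            counts[key] += 1
    return counts


def reasons_at_or_above(counts, threshold):
    """Reasons whose total across all hosts and events reaches the threshold."""
    totals = Counter()
    for (_host, _event, reason), c in counts.items():
        totals[reason] += c
    return sorted(r for r, c in totals.items() if c >= threshold)


if __name__ == "__main__":
    summary = summarize_auth_failures(SAMPLE_LOG)
    for key, c in sorted(summary.items()):
        print(c, *key)
    print("alert on:", reasons_at_or_above(summary, 2))
```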
