cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

2693
Views
0
Helpful
1
Replies
Calin C.
Contributor

vManage, can install the certificate on vBond but not vSmart

Hi there,

 

I have a strange issue in terms that I can install successfully the certificate on the vManage, vBond, but not on vSmart.

When I try to install the cert on vSmart I get complains about 

"Error: root-ca-chain unable to validate the certificate... Aborting !"

 

I followed the steps at https://sdwan-docs.cisco.com/Product_Documentation/Command_Reference/Operational_Commands/request_root-cert-chain

and anyway, if I could install on vManage and vBond the CA root chain should be there, no?

 

Some more details, is a lab deployment, I use the version 18.4 and Enterprise CA. One notable change from the documentation, I don't see the "Manual" option anymore. Is either Symantec Automated or Manual or Enterprise CA for certificates.

 

I appreciate any feedback.

 

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Calin C.
Contributor

Hi

 

Problem solved.

 

The issue was the root-ca-chain certificate:

 

vSmart# show control local-properties
personality vsmart
sp-organization-name locallan
organization-name locallan
certificate-status Not-Installed
root-ca-chain-status Installed

 

Was showing Installed, but for some reason was not accurate.

 

I reinstalled the root-ca-chain and then I could install the vSmart certificate without any issue.

 

vSmart# show control local-properties
personality vsmart
sp-organization-name locallan
organization-name locallan
certificate-status Installed
root-ca-chain-status Installed

 

Thanks for those who had a look at this topic.

View solution in original post

1 REPLY 1
Calin C.
Contributor

Hi

 

Problem solved.

 

The issue was the root-ca-chain certificate:

 

vSmart# show control local-properties
personality vsmart
sp-organization-name locallan
organization-name locallan
certificate-status Not-Installed
root-ca-chain-status Installed

 

Was showing Installed, but for some reason was not accurate.

 

I reinstalled the root-ca-chain and then I could install the vSmart certificate without any issue.

 

vSmart# show control local-properties
personality vsmart
sp-organization-name locallan
organization-name locallan
certificate-status Installed
root-ca-chain-status Installed

 

Thanks for those who had a look at this topic.

View solution in original post

Content for Community-Ad