
VEdge to Controller Certificate

biran
Level 1

Hi All,

My understanding is that VEdge always uses the Board ID signed cert to the controller. But I would like to use my enterprise CA. Do we have any option?

Thanks.

8 Replies

ekhabaro
Cisco Employee
Yes, you have that option; you can use your own enterprise CA for authentication.
https://sdwan-docs.cisco.com/Product_Documentation/vManage_Help/Release_17.2/Configuration/Certificates

tahiali
Cisco Employee

You cannot use an enterprise root CA for authenticating hardware boxes with TPM or SUDI chips, as they already come with a signed cert.

Yeah, maybe I misunderstood the question. You can't use an enterprise CA for this purpose, for sure.

 

I thought all boxes come with a TPM chip. Are there any boxes that do not include TPM chips?

Thanks.

 

HashamM
Cisco Employee

Viptela appliances have TPM chips and ISR devices have SUDI chip.

I'm not sure this statement is accurate. I'm trying to figure this thing out, and I installed enterprise root and self-signed certs on all the controllers. I'm trying to bring up my first cEdge device (ISR 4K); I added the SUDI info to the white list and it didn't come up. I added my enterprise root cert on my cEdge router and now the control plane is up.

 