Stealthwatch CA Identity Certificate

Barakat
Community Member

Hi all,

I have a problem when I try to update the identity certificate of the Manager to a custom one from my own CA.

When I update it, I lose the connection to the appliance and I get "Config Channel Down"

Barakat_1-1683897904108.png

 

And according to the documentation, I should remove the appliance through the console, but when I do, I receive this error:

Barakat_0-1683897852610.png

and the operation failed.

What should I do? Can anybody help?

Thanks in advance,

 

Accepted Solutions

Barakat
Community Member

The problem was in using a wrong template to create the certificate.

The template should be ((server authentication and client authentication))
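
Added example (not part of the original thread or of Cisco's documentation): a shell check, using standard OpenSSL commands, that a certificate lists both Server Authentication and Client Authentication in its Extended Key Usage before it is installed as an identity certificate. The function names, the throwaway sample certificates and the CN `smc.example.test` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: pre-install EKU check with OpenSSL.
# Function names and sample certificates are hypothetical/constructed.

# Print the value line of the Extended Key Usage extension (empty if absent).
cert_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/X509v3 Extended Key Usage/ { getline; print; exit }'
}

# Succeed only if the certificate lists BOTH server and client authentication.
has_both_ekus() {
    eku=$(cert_eku "$1")
    for usage in "TLS Web Server Authentication" "TLS Web Client Authentication"; do
        case "$eku" in
            *"$usage"*) ;;
            *) echo "$1: missing EKU '$usage'" >&2; return 1 ;;
        esac
    done
}

# Constructed sample input: throwaway self-signed certificate with a given EKU.
make_sample() {  # $1 = output PEM, $2 = extendedKeyUsage value
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=smc.example.test" -addext "extendedKeyUsage=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp/server_only.pem" serverAuth
make_sample "$tmp/both.pem" serverAuth,clientAuth

# A server-only certificate is rejected; one with both usages passes.
for cert in "$tmp/server_only.pem" "$tmp/both.pem"; do
    if has_both_ekus "$cert" 2>/dev/null; then
        echo "OK:     $(basename "$cert") has both usages"
    else
        echo "REJECT: $(basename "$cert") -> $(cert_eku "$cert")"
    fi
done
```

To check a certificate issued by your own CA, call `has_both_ekus` on its PEM file before uploading it.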


Marvin Rhoads
Hall of Fame

What version are you running and what procedure did you follow in your attempt to replace the certificate?

I have the latest version, 7.4.2, on a virtual platform.

I have received the certificate from the CA authority containing the info and the URL.

I have added this certificate, with the CA certificate, to the trust store in all the appliances.

Then I replaced it with the self-signed one in the identity certificate tab.

I tried to follow the instructions in this file, page 73:

https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/certificates/7_4_2_SSL_TLS_Certificates_for_Managed_Appliances_Guide_DV_1_0.pdf

 

That's the correct procedure. The only thing I can guess is possibly you did not install all certificates in the chain (root, intermediate and issuing CA certificate, as applicable).

If you did that, then I would suggest opening a TAC case. They can guide you through the cli procedure to replace the non-working certificate with a self-signed one and then work with you to determine the root cause for the problem you're experiencing.

I already added the CA, the issuing CA and the cert to the trust store, but as I explained, I succeeded in opening the URL securely

Barakat_0-1684138983415.png

 

but I lost the connection to the manager (config channel down)

Barakat_1-1684139004111.png

I will see with Cisco.

Thanks a lot

 
