
Can I generate self signed certificates for Nexus 9K?

d-fillmore
Explorer

Hi, I have 22 Nexus 9Ks that I've just upgraded to 7.0(3)I4 so I can use the REST API.

I'm using vRealize Orchestrator for automation, and I can't access the REST API on the Nexus using Orchestrator as the certificates have all expired.

I can't find very much info about this for the 9K, except if the 9Ks are in ACI mode, in which case I think TAC are the only people that can generate a certificate.

Does anyone know any other way around this? Else I'll have to raise a TAC case to get 22 certs generated :-/

Cheers, Dom

1 Accepted Solution

LJ Gabrillo
Contributor

I am not familiar with the technology you are trying to integrate with, but below is a guide on how to generate a custom SSC (Self-Signed Cert) on a device:
#conf t
#hostname DEVICE01                           -NOTE: Must not be changed
#ip domain-name test.local

#crypto key generate rsa general-keys label SSC_KEY modulus 2048

#crypto pki trustpoint SSC_LOCAL
   #subject-name CN=DEVICE,DC=test,DC=local 
   #enrollment selfsigned
   #revocation-check crl
   #rsakeypair SSC_KEY 2048

#crypto ca enroll SSC_LOCAL                -HIDDEN COMMAND: Initiate SSC Creation

   % Include the router serial number in the subject name? [yes/no]: no
   % Include an IP address in the subject name? [no]:
   % Generate Self Signed Router Certificate? [yes/no]: yes

   Router Self Signed Certificate successfully created


After this make sure you do NOT change the hostname of the device :) 

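Added example, not part of the original posts or of any Cisco tooling: a standard-library Python check of when a device's self-signed certificate expires, so a fleet of switches can be audited before the REST client starts failing. The function names are hypothetical, and `SAMPLE_DER` is a constructed certificate skeleton (no real key or signature) used only to exercise the parser.

```python
import datetime as dt
import ssl

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def _asn1_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as an aware datetime."""
    s = raw.decode("ascii")
    if tag == 0x17:  # two-digit year: RFC 5280 maps 50-99 to 19xx, 00-49 to 20xx
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    elif tag != 0x18:
        raise ValueError("unexpected time tag")
    return dt.datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=dt.timezone.utc)

def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter."""
    _, pos, _ = _tlv(der, 0)              # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)            # tbsCertificate SEQUENCE
    tag, start, end = _tlv(der, pos)      # [0] version, or serialNumber in v1 certs
    if tag == 0xA0:
        tag, start, end = _tlv(der, end)  # serialNumber
    for _ in range(3):                    # signature algorithm, issuer, validity
        tag, start, end = _tlv(der, end)
    _, _, nb_end = _tlv(der, start)       # notBefore
    tag, s, e = _tlv(der, nb_end)         # notAfter
    return _asn1_time(tag, der[s:e])

def days_left(der, now=None):
    """Whole days until expiry; negative once the certificate has expired."""
    now = now or dt.datetime.now(dt.timezone.utc)
    return (not_after(der) - now).days

def fetch_der(host, port=443):
    """Fetch the server certificate without validating it (it may be expired)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

# Constructed sample: v3 skeleton, serial 1, empty algorithm and issuer,
# validity 2016-01-01 to 2017-01-01 (UTC). Not a real signed certificate.
SAMPLE_DER = (bytes.fromhex("302e302ca003020102020101" "3000" "3000" "301e")
              + b"\x17\x0d160101000000Z" + b"\x17\x0d170101000000Z")
```

Against live devices, call `days_left(fetch_der(host))` for each management address and flag anything below your renewal threshold.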