Hi, I have 22 Nexus 9Ks that I've just upgraded to 7.0(3)I4 so I can use the REST API.
I'm using vRealize Orchestrator for automation, and I can't access the REST API on the Nexus using Orchestrator as the certificates have all expired.
I can't find very much info about this for the 9K, except if the 9Ks are in ACI mode, in which case I think TAC are the only people that can generate a certificate.
Does anyone know any other way around this? else I'll have to raise a TAC case to get 22 certs generated :-/
Go to Solution.
I am not familiar with the technology with what you are trying to integrate, but below is a guide on how to generate a custom SSC(Self-Signed Cert) on a device:#conf t#hostname DEVICE01 -NOTE: Must not be changed#ip domain-name test.local
#crypto key generate rsa general-keys label SSC_KEY modulus 2048
#crypto pki trustpoint SSC_LOCAL #subject-name CN=DEVICE,DC=test,DC=local #enrollment selfsigned #revocation-check crl #rsakeypair SSC_KEY 2048
#crypto ca enroll SSC_LOCAL -HIDDEN COMMAND: Initiate SSC Creation
% Include the router serial number in the subject name? [yes/no]: no % Include an IP address in the subject name? [no]: % Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully createdAfter this make sure you do NOT change the hostname of the device :)
View solution in original post