07-13-2014 06:25 PM - edited 02-21-2020 07:43 PM
We need to enroll our GMs to our KS's via PKI. Is there a way for us to enroll all our router using the same certificate/CSR? Thanks!
07-14-2014 05:35 AM
Hi johnpong99,
From what I know each router has to have its own certificate signed by the CA (certificate authority). In each certificate the subject field uniquely identifies the equipment (in your case router) it is meant for. I don't think there is a way for the CA to issue a certificate usable on multiple devices
Hope this will help,
Best of luck
08-04-2014 10:22 PM
Hi Narcis,
Thanks for your response. I was able to perform this however there are some drawbacks since you are using the same certificate signed by the CA, there will be no identity between the devices involved. Aside from that, there is an alarm being generated but is not traffic affecting.
08-05-2014 06:54 AM
Hy John,
Interesting to know, but what is the purpose of the certificate if it can't uniquely identify each router. Does it help you?
Good luck
08-05-2014 07:48 PM
For ease of deployment purposes without involving the CA server. But this setup wasn't deployed in our production environment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide