Procedure to renew certificates using the Control Components Certificate Management workflow.
The Control Components Certificate Management workflow provides two methods:
-
Auto: For each selected SD-WAN Control Component, SD-WAN Manager generates a certificate signing request (CSR), sends the CSR to the certificate authority (CA) for signing, then installs the signed certificate on the component.
The Auto option is available if you have selected one of the Cisco PKI, EST, or SCEP options in .
-
Manual: For each selected SD-WAN Control Component, SD-WAN Manager generates a certificate signing request (CSR) for you to download. Then you manually handle the certificate signing and re-upload the signed certificate. The workflow then installs the signed certificate on the component.
Before you begin
For the automatic certificate signing option that occurs in the workflow, two prerequisites apply. Without these, only a manual signing option is available in the workflow. Here are the prerequisites:
-
Smart Account and Virtual Account
In Cisco Catalyst SD-WAN Manager Release 20.18.1 and earlier, enter Smart Account and Virtual Account details in Cisco SD-WAN Manager.
-
From the Cisco SD-WAN Manager menu, choose .
-
Enter your Smart Account or Virtual Account credentials in the Username and Password fields.
-
-
Registering Plug-and-Play
From Cisco Catalyst SD-WAN Manager Release 20.18.2, service providers in a multitenant environment and tenant in a single-tenant environment must register the Plug-and-Play service.
-
Certificate signing by Cisco
-
From the Cisco SD-WAN Manager menu, choose .
-
Click Control Components.
-
Change Certificate Signing by to Cisco.
-
Procedure
| 1. | Do one of these to launch the Control Components Certificate Management workflow:
|
|
| 2. | Choose Auto or Manual, select the desired SD-WAN Control Components, and proceed according to the instructions in the workflow. For the Manual option:
|