Cisco Catalyst SD-WAN Certificate Management Guide, Releases 26.x and Later

PDF

Generating a certificate signing request

Want to summarize with AI?

Log in

Procedure to generate a certificate signing request.


These procedures describe the process of generating CSRs.

Generate an SD-WAN Control Component certificate signing request, through 20.16.x

Note

From SD-WAN Manager 20.18.1, this procedure has been replaced. Use the Control Components Certificate Management workflow instead.

Procedure

1.

From the Cisco SD-WAN Manager menu, select Configuration > Certificates.

2.

Select Control Components.

3.

For the desired controller, select and choose Generate CSR.

The Generate CSR page is displayed.

4.

In the Generate CSR window, select Download to download the file to your local PC (that is, to the PC you are using to connect to SD-WAN Manager).

5.

Repeat the steps to generate a CSR for another SD-WAN Control Component.


Generate a feature certificate signing request, through 20.16.x

Note

From SD-WAN Manager 20.18.1, this procedure has been replaced. Use one of these instead:

  • Control Components Certificate Management workflow

  • WAN Edges Certificate Management workflow

Procedure

1.

From the Cisco SD-WAN Manager menu, select Configuration > Certificates.

2.

Select WAN Edge List.

3.

For the desired device, select and choose Generate Feature CSR.

This displays the Generate Feature CSR page.

4.

On the Generate Feature CSR page, select OK to continue with the generation of a feature CSR. This step authenticates the device trustpoint that has been set and extracts the CSR from the device.

5.

Repeat the steps for each device for which you are generating a CSR.


Generate a device certificate signing request, through 20.16.x

Note

From SD-WAN Manager 20.18.1, this procedure has been replaced. Use the WAN Edges Certificate Management workflow instead.

Procedure

1.

From the Cisco SD-WAN Manager menu, select Configuration > Certificates.

2.

Select WAN Edge List.

3.

For the desired device, select and choose Renew Device CSR.

This displays the Renew Device CSR page.

4.

On the Renew Device CSR page, select OK to continue with the generation of a new CSR.

Note

Cisco vManage Release 20.9.1 and later releases: Selecting Renew Device CSR resets the RSA private and public keys, and generates a CSR that uses a new key pair. SD-WAN Manager also resets RSA private and public keys before generating a new CSR in Cisco vManage Release 20.6.4 and later Cisco vManage 20.6.x releases.

SD-WAN Manager releases other than these: Selecting Renew Device CSR generates a CSR using the existing key pair.