Cisco Catalyst SD-WAN Certificate Management Guide, Releases 26.x and Later

PDF

Restrictions for revoking certificates

Want to summarize with AI?

Log in

Describes restrictions to be aware of while revoking certificates.


These are restrictions that apply to revoking certificates.

Disabled by default

By default, the Certificate Revocation feature is disabled. When you enable the Certificate Revocation feature for the first time, control connections to all the devices in the network flap. We recommend that you enable the feature for the first time during a maintenance window to avoid service disruption.

When you disable the Certificate Revocation feature, control connections to all the devices in the network flap. We recommend that you disable the feature during a maintenance window to avoid service disruption

Applicable only if you are using an enterprise CA to sign certificates

You can use the Certificate Revocation feature only if you are using an enterprise CA to sign certificates for hardware WAN edge certificate authorization, SD-WAN Controller certificate authorization, or WAN edge cloud certificate authorization.

Connecting to a server to retrieve a CRL

Cisco SD-WAN Manager can connect to a server to retrieve a CRL only through the VPN 0 interface.

VPN 512 support

From Cisco vManage Release 20.11.1, connections through the VPN 512 are supported.