Cisco Catalyst SD-WAN Certificate Management Guide, Releases 26.x and Later

PDF

Install a web server certificate

Want to summarize with AI?

Log in

Procedure to install a web server certificate.


Before you begin

To use the automatic option in this procedure, first configure either EST (Enrollment over Secure Transport) or SCEP (Simple Certificate Enrollment Protocol), which are certificate enrollment protocols, in Administration > Settings > Certificate settings > Enterprise certificate settings.

Procedure

1.

From the Cisco SD-WAN Manager menu, choose Administration > Settings > Web server certificate.

2.

If you have a certificate installed and wish to renew it before it expires, select Renew adjacent to the installed certificate shown in the Installed certificate details area.

3.

To install a new certificate, select an installation option.

Option Description
SD-WAN Manager signed

Generate a certificate signing request (CSR), to be signed by a root certificate authority (CA) installed on SD-WAN Manager.

When the certificate installation is complete, refresh the browser page.

Enterprise (Auto)

Generate a certificate signing request (CSR), and automatically get it signed by an external certificate authority (CA) selected by your organization.

This option requires configuring either EST (Enrollment over Secure Transport) or SCEP (Simple Certificate Enrollment Protocol), which are certificate enrollment protocols. As described earlier, configure these in Administration > Settings > Certificate settings > Enterprise certificate settings.

When the certificate installation is complete, refresh the browser page.

Enterprise (Manual)

Generate a certificate signing request (CSR), to be signed by an external certificate authority (CA) selected by your organization. After getting the certificate signed, import it into SD-WAN Manager.

When the certificate installation is complete, refresh the browser page.

In a multitenant environment, we recommend that during this process, tenants enter their organization's preferred DNS server name in the SAN DNS names field.