Cisco Catalyst SD-WAN Certificate Management Guide, Releases 26.x and Later

PDF

Feature history of enterprise certificates

Want to summarize with AI?

Log in

Describes developments in enterprise certificate support, by release.


Developments in enterprise certificate support, by release.

Table 1. Feature history

Feature Name

Release Information

Description

Support for Secondary Organizational Unit

Cisco IOS XE Catalyst SD-WAN Release 17.2.1r

Cisco SD-WAN Release 20.1.1

This optional feature allows you to configure a secondary organizational unit when configuring the certificates. If specified, this setting is applied to all controllers and edge devices.

Support for Subject Alternative Name (SAN)

Cisco IOS XE Catalyst SD-WAN Release 17.4.1a

Cisco SD-WAN Release 20.4.1

Cisco vManage Release 20.4.1

This feature enables you to configure subject alternative name (SAN) DNS Names or uniform resource identifiers (URIs). It enables multiple host names and URIs to use the same SSL certificate.

Support for Specifying Any Organization for WAN Edge Cloud Device Enterprise Certificates

Cisco Catalyst SD-WAN Control Components Release 20.11.1

When configuring controller certificate authorization for enterprise certificates on WAN edge cloud devices, you can specify any organization in the Organization field. You are not limited to names such as Viptela LLC, vIPtela Inc, or Cisco Systems. This enables you to use your organization’s certificate authority name or a third-party certificate authority name.

Support for Certificates Without the Organizational Unit Field

Cisco IOS XE Catalyst SD-WAN Release 17.12.1a

Cisco Catalyst SD-WAN Control Components Release 20.12.1

Enterprise certificates that you install on devices do not require the Organizational Unit (OU) field to be defined. Earlier, this field was used as part of the authentication of a device.

RSA Key Length Increase in Cisco SD-WAN Manager

Cisco Catalyst SD-WAN Control Components Release 20.15.2

Cisco Catalyst SD-WAN Control Components Release 20.16.1

Introduces 4096-bit RSA key support for certificate signing requests (CSR) for enterprise certificates.