Describes enterprise certificate support in Cisco Catalyst SD-WAN.
An enterprise certificate is a digital certificate that
- allows organizations to use their own private certificate signing authority instead of relying on public certificate authorities,
- authenticates the identity of Cisco Catalyst SD-WAN components such as SD-WAN Controllers and edge devices, and
- enables secure sessions between authenticated devices within the overlay network.
About enterprise certificate support
Enterprise certificates allow organizations to use their own private certificate signing authority rather than having to rely on public certificate signing authorities.
Enterprise certificate support was introduced in Cisco IOS XE SD-WAN Release 16.11.1 and Cisco SD-WAN Release 19.1, replacing the previous controller certificate authorization method. Enterprise certificates support features such as custom certificate properties and RSA key lengths from 2048 to 4096 bits. They are supported on Cisco SD-WAN Manager, Validator, Controller, and most hardware WAN edge routers.
Certificates and authorized serial number files must be installed on the SD-WAN Control Components so that they can validate and authenticate the overlay network components: the certificate proves a device's identity, and the authorized serial number file tells the control components which devices are permitted to join the overlay. Both are required for the fabric to operate securely.
For more information about enterprise certificates, see the Cisco Catalyst SD-WAN Controller Certificates and Authorized Serial Number File Prescriptive Deployment Guide.
Setup
The goal of certificate setup is to install signed certificates on the SD-WAN Control Components and the edge devices in the fabric. With those certificates in place, the components can validate and authenticate each other and establish secure connections between themselves, at which point the fabric becomes operational.
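The setup described above, reduced to its cryptographic core and run with plain openssl, as an added example that is neither Cisco's tooling nor content from the original page: a private root CA signs device CSRs, a policy gate enforces the 2048 to 4096 bit RSA range the page mentions, and a stand-in for a control component accepts a peer only if its certificate chains to the enterprise CA and its identity appears in an authorized-device list. The CA and device names, the AUTHORIZED_DEVICES list (a constructed substitute for the authorized serial number file, which in the real product is a Cisco-formatted list of device serials) and the key-length thresholds are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Cisco's tooling: the private-CA workflow behind enterprise
# certificates, done with plain openssl. All names and lists are hypothetical.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
MIN_BITS=2048   # RSA key-length range the page gives for enterprise certificates
MAX_BITS=4096

# Create a private root CA: the organisation's own certificate signing authority.
make_ca() {
  name="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/O=Example Corp/CN=${name}" \
    -keyout "$WORKDIR/${name}.key" -out "$WORKDIR/${name}.crt" 2>/dev/null
}

# Generate a device key pair and CSR. The private key never leaves the device;
# only the CSR goes to the CA.
make_device_csr() {
  name="$1"; bits="$2"
  openssl req -new -newkey "rsa:${bits}" -nodes -sha256 \
    -subj "/O=Example Corp/OU=SD-WAN/CN=${name}" \
    -keyout "$WORKDIR/${name}.key" -out "$WORKDIR/${name}.csr" 2>/dev/null
}

# Length in bits of the RSA modulus in the public key carried by a CSR.
csr_key_bits() {
  hex="$(openssl req -in "$1" -noout -pubkey 2>/dev/null \
         | openssl rsa -pubin -noout -modulus 2>/dev/null | cut -d= -f2)"
  echo $(( ${#hex} * 4 ))
}

# Policy gate plus signing: refuse keys outside MIN_BITS..MAX_BITS, otherwise
# sign the CSR with the named CA and write <name>.crt.
issue_device_cert() {
  name="$1"; ca="$2"
  bits="$(csr_key_bits "$WORKDIR/${name}.csr")"
  if [ "$bits" -lt "$MIN_BITS" ] || [ "$bits" -gt "$MAX_BITS" ]; then
    echo "refusing ${name}: RSA-${bits} is outside ${MIN_BITS}..${MAX_BITS}" >&2
    return 1
  fi
  openssl x509 -req -in "$WORKDIR/${name}.csr" -days 365 -sha256 \
    -CA "$WORKDIR/${ca}.crt" -CAkey "$WORKDIR/${ca}.key" -CAcreateserial \
    -out "$WORKDIR/${name}.crt" 2>/dev/null
}

# Constructed stand-in for the authorized serial number file: the identities a
# control component is willing to admit into the overlay.
AUTHORIZED_DEVICES="vmanage-1 vbond-1 vsmart-1 edge-1"

# What a control component does with a peer's certificate: it must chain to the
# trusted enterprise CA, and the identity in it must be on the authorized list.
# Returns 0 when both checks pass, 1 otherwise.
authenticate_peer() {
  name="$1"; ca="$2"
  openssl verify -CAfile "$WORKDIR/${ca}.crt" "$WORKDIR/${name}.crt" >/dev/null 2>&1 || return 1
  cn="$(openssl x509 -in "$WORKDIR/${name}.crt" -noout -subject \
        | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')"
  for d in $AUTHORIZED_DEVICES; do
    [ "$d" = "$cn" ] && return 0
  done
  return 1
}

# Walk-through with constructed devices.
make_ca enterprise-root
make_ca rogue-root                               # a CA the enterprise does not trust
make_device_csr edge-1 2048
issue_device_cert edge-1 enterprise-root         # valid and authorized
make_device_csr edge-2 2048
issue_device_cert edge-2 enterprise-root         # valid chain, but not authorized
make_device_csr edge-3 2048
issue_device_cert edge-3 rogue-root              # signed by the wrong CA
make_device_csr weak-edge 1024
issue_device_cert weak-edge enterprise-root || true   # key too short, no cert issued

for d in edge-1 edge-2 edge-3; do
  if authenticate_peer "$d" enterprise-root; then echo "$d: accepted"; else echo "$d: rejected"; fi
done
```

Only edge-1 is accepted: edge-2 has a valid certificate but is not on the authorized list, edge-3 presents a certificate from an untrusted CA, and weak-edge never receives a certificate because the policy gate rejects its 1024-bit key before signing. The two checks are deliberately separate, mirroring the page's point that both the certificate and the authorized serial number file are needed.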