Describes the use of a third-party certificate authority for devices in a Cisco Catalyst SD-WAN fabric.
A third-party CA certificate is a digital certificate that
- authenticates device identities for secure communications,
- establishes and verifies secure connections between devices by validating server identities, and
- requires more manual certificate signing and installation processes, unlike Cisco PKI certificates, which can be automated.
Initial setup
SD-WAN Manager permits uploading third-party certificates to devices while they are being onboarded to the fabric. This is available only during the initial setup, when devices are installed and control connections are established.
Certificate upload
From Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, SD-WAN Manager provides a method for uploading certificates without requiring CLI commands. It also supports CA certificate uploads after device setup is complete.
Authenticating server identities
The CA certificates authenticate server identities and prevent unauthorized access. Cisco IOS XE Catalyst SD-WAN devices use CA certificates to establish and manage secure connections with different servers in a network. When you upload a CA certificate to SD-WAN Manager, devices use the certificate information from the configuration group parcels to verify and authenticate the connections they establish with servers across the network, improving the security and integrity of your network traffic.
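The manual signing step mentioned above and the server-identity check a device performs with an uploaded CA certificate, shown as an added openssl example (not Cisco tooling or part of this page): the CA, the server name vmanage.example.invalid and all file names are constructed here, and a second, unrelated CA shows that a certificate not chaining to the uploaded CA is rejected.

```shell
#!/bin/sh
# Added example: a minimal third-party CA workflow with openssl.
# The CA, the server name and the file names are constructed for illustration.
set -eu

WORK="$(mktemp -d)"

# Act as the third-party CA: create a self-signed root certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Third-Party Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Manual signing step: the server generates a CSR, the CA signs it.
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=vmanage.example.invalid" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 90 \
    -out "$WORK/server.crt" 2>/dev/null
}

# An unrelated CA that was never uploaded to the device.
make_other_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Unrelated CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
}

# What a device effectively does with the uploaded CA certificate ($1):
# accept the server certificate ($2) only if it chains to that CA.
# Prints "trusted" (exit 0) or "rejected" (exit 1).
verify_server() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted; return 0
  else
    echo rejected; return 1
  fi
}

make_ca; make_server_cert; make_other_ca
verify_server "$WORK/ca.crt"    "$WORK/server.crt"            # trusted
verify_server "$WORK/other.crt" "$WORK/server.crt" || true    # rejected
```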