CA Server

The document outlines the steps for generating and installing certificates using vManage as a Certificate Authority for vManage, vBond, and vSmart devices. It includes commands for generating root keys, creating Certificate Signing Requests (CSRs), and installing certificates through both the vManage GUI and command line. Additionally, it provides methods for activating vEdges and cEdges with the generated certificates.

CERTIFICATE GENERATION METHOD - USING vManage AS A CERTIFICATE AUTHORITY

Certificate Installation - vManage:

1) Go to shell mode

vshell

2) Generate Root Key

openssl genrsa -out ROOTCA.key

3) Confirm the root key was created:

ls

4) Generate ROOTCA.pem

openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 \
  -subj "/C=US/ST=California/L=San Jose/O=viptela sdwan/CN=viptela sdwan" \
  -out ROOTCA.pem

Note: Replace "viptela sdwan" with your organization name.

5) Confirm you have ROOTCA.key and ROOTCA.pem

ls

6) Copy the contents of ROOTCA.pem as follows:

vManage cli --> vshell --> cat ROOTCA.pem

In the vManage GUI, change the Controller Certificate Authorization to use Enterprise Root Certificate, and paste the copied contents there.

7) CREATING CSR FOR vMANAGE:

vManage GUI --> Config --> Cert --> Controllers --> vManage --> Generate CSR

Copy the contents of the CSR --> vshell --> ls (to check whether the vmanage.csr file is there). If it is not, create it with vim vmanage.csr and paste the copied CSR contents using the method below.

Create a file named vmanage.csr in the vManage vshell:

vim vmanage.csr

Press "i" to insert, then paste the copied contents.

Press Esc, type :wq and press Enter (to save the file in vim).

Once the vmanage.csr file is present, run the following command:

openssl x509 -req -in vmanage.csr \
  -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
  -out vmanage.crt -days 500 -sha256

8) vManage --> vshell --> cat vmanage.crt

Copy the contents, go to vManage GUI --> Cert --> Controllers --> Install Cert, paste them and install.

*************************************************************************************

Certificate Installation - vBond:

1) Add vBond to control plane from vManage GUI and generate certificate.

2) Copy the generated certificate:

Create a file named vbond.csr in the vManage vshell:

vim vbond.csr

Press "i" to insert, then paste the copied contents.

Press Esc, type :wq and press Enter (to save the file in vim).

3) Use the command below to create vbond.crt.

openssl x509 -req -in vbond.csr \
  -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
  -out vbond.crt -days 500 -sha256

In vManage --> vshell --> ls (you will see vbond.crt) --> cat vbond.crt

Copy the content of vbond.crt.

Go to vManage GUI --> Certificates --> Controllers --> Install Certificate (paste it here) and click Install.
Or use the command below to do this process.

request root-cert-chain install scp://[email protected]:/home/admin/ROOTCA.pem vpn 0

*************************************************************************************

Certificate Installation - vSmart:

1) Add vSmart to control plane from vManage GUI and generate certificate.

2) Copy the generated certificate:

Create a file named vsmart.csr in the vManage vshell:

vim vsmart.csr

Press "i" to insert, then paste the copied contents.

Press Esc, type :wq and press Enter (to save the file in vim).

3) Use the command below to create vsmart.crt.

openssl x509 -req -in vsmart.csr \
  -CA ROOTCA.pem -CAkey ROOTCA.key -CAcreateserial \
  -out vsmart.crt -days 500 -sha256

In vManage --> vshell --> ls (you will see vsmart.crt) --> cat vsmart.crt

Copy the content of vsmart.crt.

Go to vManage GUI --> Certificates --> Controllers --> Install Certificate (paste it here) and click Install.
Or use the command below to do this process.

request root-cert-chain install scp://[email protected]:/home/admin/ROOTCA.pem vpn 0
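
The signing step used in the vManage, vBond and vSmart sections above can be checked before anything is pasted into the GUI. The script below is an added example, not part of the original document: it repeats the root CA and signing commands in a scratch directory and then verifies each certificate. The CSRs, the `.example.invalid` names, the function names and the 2048-bit key size are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original document. Runs in a scratch directory;
# the CSRs are constructed stand-ins for the ones the vManage GUI generates.
set -eu
ORG="viptela sdwan"   # organization name from the page's -subj string

make_root_ca() {      # steps 2 and 4, with the RSA key size stated explicitly
    openssl genrsa -out ROOTCA.key 2048 2>/dev/null
    chmod 600 ROOTCA.key                  # the CA key is unencrypted on disk
    openssl req -x509 -new -nodes -key ROOTCA.key -sha256 -days 2000 \
        -subj "/C=US/ST=California/L=San Jose/O=$ORG/CN=$ORG" -out ROOTCA.pem
}

make_sample_csr() {   # $1 = controller name (constructed CSR and key)
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/C=US/ST=California/L=San Jose/O=$ORG/CN=$1.example.invalid" \
        2>/dev/null
}

sign_csr() {          # $1 = controller name; the signing command from the page
    openssl x509 -req -in "$1.csr" -CA ROOTCA.pem -CAkey ROOTCA.key \
        -CAcreateserial -out "$1.crt" -days 500 -sha256 2>/dev/null
}

check_cert() {        # $1 = controller name; returns 0 only if all checks pass
    # 1. The certificate chains to the root that gets installed on every device.
    openssl verify -CAfile ROOTCA.pem "$1.crt" >/dev/null 2>&1 || return 1
    # 2. It carries the public key from this CSR (catches a CSR pasted into
    #    the wrong file or a certificate saved under the wrong name).
    csr_key=$(openssl req -in "$1.csr" -noout -pubkey | openssl sha256)
    crt_key=$(openssl x509 -in "$1.crt" -noout -pubkey | openssl sha256)
    [ "$csr_key" = "$crt_key" ] || return 2
    # 3. The subject carries the expected organization name.
    openssl x509 -in "$1.crt" -noout -subject -nameopt RFC2253 |
        grep -q ",O=$ORG," || return 3
    # 4. It is still valid 30 days from now.
    openssl x509 -in "$1.crt" -noout -checkend 2592000 >/dev/null || return 4
}

cd "$(mktemp -d)"
make_root_ca
for name in vmanage vbond vsmart; do
    make_sample_csr "$name"
    sign_csr "$name"
    check_cert "$name" && echo "$name.crt: OK"
done
```

With real CSRs copied from the GUI, only `check_cert` is needed; its return code identifies which check failed.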

*************************************************************************************

Installation & Activation of vEdges:

Method-1:

request root-cert-chain install scp://[email protected]:/home/admin/ROOTCA.pem vpn 0

request vedge-cloud activate chassis XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Method-2: (Applicable to version 20.3.1)

- Copy the content of ROOTCA.pem from vManage, create a file ROOTCA.pem with vim on the vEdges, and paste it.

- Run the command below to install the certificate:

vEdges#request root-cert-chain install /home/admin/ROOTCA.pem

#request vedge-cloud activate chassis XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

*************************************************************************************

Installation & Activation of cEdges:


- Go to the vshell of vManage and transfer ROOTCA.pem to the cEdge. This command will transfer ROOTCA.pem to the flash of the cEdge.

$scp ROOTCA.pem [email protected]:ROOTCA.pem

- Use the command below on the cEdge to install the certificate:

#request platform software sdwan root-cert-chain install bootflash:ROOTCA.pem

- Activate chassis/token for cEdge:

#request platform software sdwan vedge_cloud activate chassis-number CSR-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
