Skip to main content
Cisco SD-WAN
Product Documentation
Viptela Documentation

Configure Certificate Settings

New controller devices in the overlay network—vManage NMSs, vBond orchestrators, and vSmart controllers—are authenticated using signed certificates. From the vManage NMS, you can automatically generate the certificate signing requests (CSRs), retrieve the generated certificates, and install them on all controller devices when they are added to the network.

Note: All controller devices must have a certificate installed on them to be able to join the overlay network.

To automate the certification generation and installation process, configure the name of your organization and certificate authorization settings before adding the controller devices to the network.

Hardware a vEdge routers ship with pre-installed signed certificate. On vEdge Cloud routers, you generate the CSR and install the certificate from the router's CLI. See Generate vEdge Cloud Router Certificate.

Configure the Organization Name

The organization name is included in the CSR. Before vManage NMS generates a CSR, you must configure the organization name.

Note: Once you add devices to the vManage NMS, you cannot edit the organization name.

  1. In vManage NMS, select the Administration ► Settings screen.
  2. In the Organization Name bar, click Edit.
  3. Enter the name of your organization. Note that the organization name must be identical to the name that is configured on the vBond orchestrator.
  4. In the Confirm Organization Name field, re-enter and confirm your organization name.
  5. In thevBond bar, click Edit.
  6. In the vBond DNS/IP Address: Port field, enter the DNS name that points to the vBond orchestrator, or the IP address of the vBond orchestrator and the port number to use to connect to it.
  7. Click Save.

Configure Certificate Authorization Settings

To automate the certificate generation and installation process for vBond orchestrators, vManage NMSs, and vSmart controllers, configure the certificate authorization settings:

  1. In vManage NMS, select the Administration ► Settings screen.
  2. In the Certificate Authorization bar, click Edit.
  3. In the Certifcate Signing by Symantec, select Automated to have the Symantec signing server automatically generate, sign, and install certificates on each controller device. It is recommended that you select Automated certificate signing.
    If you select Manual, see Generate a Certificate for details on how to manually generate a certificate.
  4. Enter the first and last name of the requestor of the certificate.
  5. Enter the email address of the requestor of the certificate. This is required because the signed certificate and a confirmation email are sent to the requestor via email; they are also made available though the customer portal.
  6. Specify the validity period for the certificate.
  7. Enter a challenge phrase. The challenge phrase is your certificate password and is required when you renew or revoke a certificate.
  8. Confirm your challenge phrase.
  9. In the Certificate Retrieve Interval field, specify how often the vManage server checks if the Symantec signing server has sent the certificate.
  10. Click Save.

Note: This process simply establishes whether the certificate generation for all controller devices will be done automatically or manually. It does not generate the certificates.

Additional Information

Bringup Sequence of Events

  • Was this article helpful?