Configure Certificate Authorization Settings for Controller Devices

Signed certificates are used to authenticate devices in the overlay network. Once authenticated, devices can establish secure sessions between each other. It is from the vManage NMS that you generate these certificates and install them on the controller devices—vManage NMSs, vBond orchestrators, and vSmart controllers. You can use certificates signed by Symantec, or you can use enterprise root certificates.

The controller certificate authorization settings establish how certificates are generated for all controller devices. The settings themselves do not generate the certificates.

You need to select the certificate-generation method only once. The method you select is automatically used each time you add a device to the overlay network.

Have Symantec Automatically Process Certificates

To have the Symantec signing server automatically generate, sign, and install certificates on each controller device:

  1. In vManage NMS, select the Administration ► Settings screen.
  2. Click the Edit button to the right of the Controller Certificate Authorization bar.
  3. Click Symantec Automated (Recommended). This is the recommended method for handling controller signed certificates.
  4. Enter the first and last name of the requestor of the certificate.
  5. Enter the email address of the requestor of the certificate. This address is required because the signed certificate and a confirmation email are sent to the requestor via email; they are also made available through the customer portal.
  6. Specify the validity period for the certificate. It can be 1, 2, or 3 years.
  7. Enter a challenge phrase. The challenge phrase is your certificate password and is required when you renew or revoke a certificate.
  8. Confirm your challenge phrase.
  9. In the Certificate Retrieve Interval field, specify how often the vManage server checks if the Symantec signing server has sent the certificate.
  10. Click Save.

Manually Install Symantec Certificates

To manually install certificates that the Symantec signing server has generated and signed:

  1. In vManage NMS, select the Administration ► Settings screen.
  2. Click the Edit button to the right of the Controller Certificate Authorization bar.
  3. Click Symantec Manual.
  4. Click Save.

Use Enterprise Root Certificates

You can install enterprise root certificates on vBond orchestrator, vManage NMS, and vSmart controller devices.

By default, the enterprise root certificate has the following properties:

  • Country: United States
  • State: California
  • City: San Jose
  • Organizational unit: vIPtela Inc Regression
  • Organization: vIPtela Inc
  • Domain name: viptela.com
  • Email: support@viptela.com

To view this information, issue the show certificate signing-request decoded command on a controller device, and check the output in the Subject line. For example:

vSmart# show certificate signing-request decoded
...
Subject: C=US, ST=California, L=San Jose, OU=vIPtela Inc Regression, O=vIPtela Inc, CN=vsmart-uuid.viptela.com/emailAddress=support@viptela.com
...
vSmart#

To use enterprise root certificates:

  1. In vManage NMS, select the Administration ► Settings screen.
  2. Click the Edit button to the right of the Controller Certificate Authorization bar.
  3. Click Enterprise Root Certificate.
  4. In the Certificate box, either paste the certificate, or click Select a file and upload a file that contains the enterprise root certificate.
  5. To change one or more of the default CSR properties:
    1. Click Set CSR Properties.
    2. Enter the domain name to include in the CSR. This domain name is appended to the common name (CN).
    3. Enter the organizational unit (OU) to include in the CSR.
    4. Enter the organization (O) to include in the CSR.
    5. Enter the city (L), state (ST), and two-letter country code (C) to include in the CSR.
    6. Enter the email address (emailAddress) of the certificate requestor.
    7. Specify the validity period for the certificate. It can be 1, 2, or 3 years.
  6. Click Import & Save.
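
After changing the CSR properties, the Subject line printed by show certificate signing-request decoded can be checked against the defaults listed above. The Python below is an added example, not Cisco code: it parses a Subject line and lists the attributes that still carry the default values. The second sample line and its example.com values are constructed for illustration.

```python
import re

# Default CSR subject values listed on this page.
DEFAULTS = {"C": "US", "ST": "California", "L": "San Jose",
            "OU": "vIPtela Inc Regression", "O": "vIPtela Inc",
            "emailAddress": "support@viptela.com"}
DEFAULT_DOMAIN = "viptela.com"

# An attribute begins at the start of the text, after a comma, or after "/"
# (the one-line form on this page joins emailAddress to CN with "/").
# Optional spaces around "=" cover the "C = US" spacing of newer OpenSSL output.
_ATTR = re.compile(r"(?:^|,\s*|/)(emailAddress|CN|OU|ST|C|L|O)\s*=\s*")

def parse_subject(line):
    """Return {attribute: value} parsed from a 'Subject: ...' line."""
    text = line.split("Subject:", 1)[-1].strip()
    marks = list(_ATTR.finditer(text))
    fields = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        fields[m.group(1)] = text[m.end():end].strip()
    return fields

def fields_still_default(line):
    """List the subject attributes that still carry the default values."""
    fields = parse_subject(line)
    stale = [k for k, v in DEFAULTS.items() if fields.get(k) == v]
    cn = fields.get("CN", "")
    # The configured domain name is appended to the CN, so check the suffix.
    if cn == DEFAULT_DOMAIN or cn.endswith("." + DEFAULT_DOMAIN):
        stale.append("CN")
    return stale

# Subject line as shown in the example output on this page.
SAMPLE_DEFAULT = ("Subject: C=US, ST=California, L=San Jose, "
                  "OU=vIPtela Inc Regression, O=vIPtela Inc, "
                  "CN=vsmart-uuid.viptela.com/emailAddress=support@viptela.com")
# Constructed sample: what a customized CSR subject might look like.
SAMPLE_CUSTOM = ("Subject: C=GB, ST=London, L=London, OU=Network Ops, "
                 "O=Example Corp, "
                 "CN=vsmart-uuid.example.com/emailAddress=netops@example.com")

if __name__ == "__main__":
    for name, line in (("default", SAMPLE_DEFAULT), ("custom", SAMPLE_CUSTOM)):
        print(name, "->", fields_still_default(line) or "no default values left")
```

An empty result means every subject attribute differs from the defaults; any attribute that is listed was not overridden in Set CSR Properties.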

Release Information

Introduced in vManage NMS in Release 15.2.
Support for enterprise root certificates added in Release 18.2.