Cisco SDWAN Onboarding Controllers Part 3 Root Certification Installation and Final steps

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi guys so in this video we are going to see how to generate a root certificate and install in our controllers as you can see right now there is no certificate installed in any of the controllers if you go to the main dashboard you can see there is no v smart v bond and three invalid certificate options so now uh we have to uh generate the root certificate so this is a lab i'm going to use the xca software to create a new root certificate and install in our controllers i have given the link for this download the description you can check it there so once you download the xca software uninstall will get this option click certificate tab and click file and open a new db and save it in your laptop so click on file click on new db and then save it just give a name and then you can save it it will ask you the password just set a password so that whenever you want to access the root ca db it will ask you to enter the same password so now you can see all these options are active i'm going to click on certificate again and click on new certificate so this is the console where you are going to create the xca certificate so it's already selected create a self-signed certificate with serial one and uh we have to create a template for new certificate leave it as a default ca only don't change this you have to keep it as default ca and then click apply extension apply subject and apply all then you click on subject here you just give a name for your root certificate i'm just going to give root ca just give a country name state and then quality so we have to give the same organization name what we given in our controllers make sure you don't make any mistake in this otherwise it won't come up under common name root ca an email address if you want you can use your gmail any email you can give so once you have entered uh make sure the organization name matches and then click on generate a new key so it just says it's going to generate a root certificate with this name and then it using the key size d048 then click on create so it has successfully created a key now after that you have to click ok so now this is your certificate now we have to install this certificate in your controllers uh in the cli also in vmanage gui i'm going to show you how to do that now right click this certificate and then click on export copy it in your clipboard now go into your controllers this will be bond then first we have to go into the v shell v sorry we shall enter you can check the path on home admin right now there is no root certificate so we have to create a certificate file here i'm just giving the name root ca dot crt so whatever copied i'm just pasting here now if you see the root certificate is there give exit coming to the cli mode now we have to give request root certificates install give the location home slash admin and then the root certificate file so now i have installed the roots that you get successfully in the v bond now i have to do it in the view manager also first go to the v shell check the location there is no root certificate so i'm going to give cat ca dot crt paste their certificate now you can see the root certificate exit and go to request root certificate chain install slash home slash admin and then the root server so we manage i have installed and then go to v smart this mod again go to visual check the path normal certificate to create one where is the certificate you can see the certificate now exit now you request roots installed home slash admin so now we have successfully installed the root certificate on v-smart vmanage and v-bond now go to the we manage dashboard go to administration and then settings so in settings we have to go inside this controller certification authorization in here click edit in production use we can use uh the actual third party roots a certificate this is a lab environment i'm going to give enterprise root ca so here i'm going to again paste whatever we copied from our root cs art don't give the sets property now you can just simply give import and save so now you can say it says the controller's referring authority is enterprise now let's go to configuration devices controllers you can see it's still the city it's not installed because we have to generate a csr and then install again we have to again go to configuration certificates so under the controller there are three dots in the right side you can see you have to click this and then click on generate csr and upload to your root ca software and then get it signed and then again we have to come here and install certificate you can see the path also first thing you have done the first step is to add the device the second step is to generate the csr then upload the certificate using install certificate then update the v bond update all this information to your view button you can see the option here sent to vpond so i'm going to click generate csr for this is my vmanage you can see the three dots click here generate csr so the csr is generated you have to do this for a v smart and v bond also and then download and save it when you say make sure you give the name when you generate for v smart give v smart and then for v v1 give v1 i'm going to say this and later i'll tell you how to get it signed from your xca software so once you have downloaded all the csr files uh go to your xca software and go to the tab certificate signing request and here and click on import and import the csr file i'm first doing for vmanage vmanage.csr that is successfully installed and then you have to click that now uh right click the vmanage and there is option to sign click the sign and you can see um conform this is for vmanage and uh click use this certificate for signing that is your root card and make sure you select this option use this certificate signing root ca and the template for new certificate you have to click https server click on apply extension apply subject apply all now click on extension in the extension you can see the range is given like a days so make it uh yes make it like two years and here we have to give the time exactly what you see in your um we manage so we manage the current clock is 1649 just make it to 49 and then apply it gets applied here and then click ok so now you can see if you scroll this you can see the signed [Music] symbol here so i'm going to do the same procedure for my v smart and also for my v bonder so now i have successfully signed for v smart and v button also using the same procedure you can see for all three it is showing as signed so this tab is only for uh signing uh this request but the actual certificate will be under certificates tab and you can see this greater than simple click that so under the root certificate you can see the certificate the actual certificate sign certificate for vmanage vsmod and then vbond so now this we have to uh install in our vmanage so first i'm going to take the vmanage right click here and then click on export clipboard the certificate is copied now so now i'm in the controller certification page and here in the top right side you can see install certificate click install certificate then paste the vmanage certificate here and then click install so it is scheduled for installation so once the certificate is successfully installed you can see the status success these are the the steps what are the things happened and this is a task view we have to go back to configuration devices certificates controllers and you can say for vmanage now we can see the certificate serial number site id and also it's updated to the v bond so and uh i'm going to do the same procedure for v smart and v bond also you have to go to x c a and so for vbond uh you can just do the right click and don't forget you always select the certificate option i've seen some people clicking the certificate and here they click right click and then give export and this is not the actual that you get if you install in the vmanage it won't work you have to always click on certificate so i'm going to do now for vbond right click export copy to clipboard then now in control certificates click install and then just paste it and then install so now it is scheduled for installation so you can see the status success you can see the same is here now if i go to the uh configuration certificates you can see the we want uh the host name the system ip and operation state has installed the site id certificate number everything is visible now so i'm going to do the same thing for vmware vsmart also now so i have done for vsmod now you can say vbondvsmartvmanage all showing the operational status and site id serial number the system ip all the information is fetched from your the device ip also is there and it's in the sync status and if you go to the main dashboard you can see uh our v smart is added v bond is added and the the up arrow shows that it is installed and it is active and right now under the uh certification we don't see anything invalid now the invalid account is zero now uh the certificates are all installed let's check the control connection status between the controllers to check the control connection go to monitor networks it will show the list of devices right now we have only controllers so it is showing uh these three click on v manage and directly takes you to the control connection so it shows the control connection between v manage and v bond and v smart is up and the pairing protocol dtls and the date when it came up all the details so now we have successfully installed the controllers and all of them came up and in the cli we can check few parameters like show control connections same thing what we see in the gui and show control local properties you can verify uh the certificate status is installed and certificate validity is valid so this information should be there otherwise the engine will come up same thing in this mode also show control connections so control local properties you can say it's installed and valid same with we manage also show control local properties install and valid so now in our topology uh we have uh successfully installed the uh the three controllers a v bond v manage and v smart so in the next video i'm going to show you how to onboard our vh1 into this sd-wan setup using the cli mode

Info

Channel: SivakumarNetLabs

Views: 2,598

Rating: undefined out of 5

Keywords: Cisco SDWAN Lab Guide, Cisco SDWAN vBond, Cisco SDWAN Lab Tutorials, Viptela SDWAN Lab Guide, Viptela SDWAN vManage, Viptela SDWAN vSmart, How to configure Root Certificate for SDWAN controllers, How to install Certificate for SDWAN controllers, cisco sd wan root certificate, cisco sd wan certificate, cisco sd wan certificate installation, cisco sd wan root certificate installation, cisco sd wan certificate install, cisco sd wan, cisco sd wan lab, cisco sd wan training

Id: TX6zuELVa-c

Channel Id: undefined

Length: 14min 20sec (860 seconds)

Published: Wed Aug 05 2020