System CA Certificate
Configure CA Certificate feature in the system profile
Diagram
Classes
system_profiles (sdwan.feature_profiles)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ca_certificate | Class | [ca_certificate] | No | |
ca_certificate (sdwan.feature_profiles.system_profiles)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^&<>! "]{1,128}$ | No | ca_certificate |
| description | String | | No | |
| certificates | List | [certificates] | Yes | |
certificates (sdwan.feature_profiles.system_profiles.ca_certificate)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| certificate_id | String | Regex: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$ | Yes | |
| trustpoint_name | String | Regex: (^([a-zA-Z])([a-zA-Z0-9_-])+){1,32}$ | Yes | |
Examples
To configure the CA Certificate feature, you need a certificate ID. You can retrieve the certificate ID using one of the methods below:

Option 1: Set the SDWAN_URL, SDWAN_USERNAME and SDWAN_PASSWORD environment variables and run the sdwan-get-ca-certs.py script:

```
$ python3 scripts/python/sdwan-get-ca-certs.py
*** Connecting to the SD-WAN Manager API... ***
*** Third-Party CA Certificates ***
Certificate Name: cert1
UUID: d8167c98-0976-49d3-b42f-f8cb9a59e0b5
Subject Common Name: sign.sdwan_autopod.cisco.com
--------------------------------------------------
Certificate Name: cert2
UUID: 278b5db1-8d12-40db-b0a1-e87a55106a4d
Subject Common Name: sign.sdwan_autopod.cisco.com
--------------------------------------------------
```

Option 2: Use the API call https://<manager-ip>/dataservice/v1/certificate/third-party-ca/
Example-1: This example configures a CA Certificate feature that references a certificate ID under the trustpoint CATP.
```yaml
sdwan:
  feature_profiles:
    system_profiles:
      - name: system1
        description: This is a test system profile
        ca_certificate:
          name: ca_thirdparty_certificate
          description: My CA Third Party Certificate Feature
          certificates:
            - certificate_id: b4f23b8f-a3ef-4d2d-af15-705a4217ce11
              trustpoint_name: CATP
```
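A pre-deployment check of a `ca_certificate` mapping against the constraints in the tables above, added here as an example and not part of the project's own tooling. The function name, the `manager_ids` parameter and the explicit 32-character cap on `trustpoint_name` are assumptions; the sample input is constructed.

```python
import re

# Patterns copied verbatim from the constraint columns on this page.
NAME_RE = re.compile(r'^[^&<>! "]{1,128}$')
CERT_ID_RE = re.compile(
    r'^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$')
TRUSTPOINT_RE = re.compile(r'(^([a-zA-Z])([a-zA-Z0-9_-])+){1,32}$')
# Assumption: {1,32} is meant as a length cap. Because it wraps the group that
# contains ^, the group can only match once, so the pattern itself accepts any
# length; the explicit len() check below enforces the assumed cap.
TRUSTPOINT_MAX = 32


def validate_ca_certificate(feature, manager_ids=None):
    """Return a list of problems found in one ca_certificate mapping.

    manager_ids (hypothetical parameter): UUIDs reported by the manager; when
    given, every certificate_id must be one of them.
    """
    errors = []
    name = feature.get("name", "ca_certificate")  # default from the table
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        errors.append(f"name: {name!r} does not match the name pattern")
    certs = feature.get("certificates")
    if not isinstance(certs, list):
        return errors + ["certificates: mandatory list is missing"]
    known = {u.lower() for u in manager_ids} if manager_ids is not None else None
    for i, cert in enumerate(certs):
        cid, tp = cert.get("certificate_id"), cert.get("trustpoint_name")
        if not isinstance(cid, str) or not CERT_ID_RE.fullmatch(cid):
            errors.append(f"certificates[{i}].certificate_id: not a UUID")
        elif known is not None and cid.lower() not in known:
            errors.append(f"certificates[{i}].certificate_id: unknown to manager")
        if not isinstance(tp, str) or not TRUSTPOINT_RE.fullmatch(tp):
            errors.append(f"certificates[{i}].trustpoint_name: pattern mismatch")
        elif len(tp) > TRUSTPOINT_MAX:
            errors.append(f"certificates[{i}].trustpoint_name: longer than 32")
    return errors


# Constructed sample input; the UUIDs are the ones in the script output above.
MANAGER_IDS = ["d8167c98-0976-49d3-b42f-f8cb9a59e0b5",
               "278b5db1-8d12-40db-b0a1-e87a55106a4d"]
SAMPLE = {"name": "ca_thirdparty_certificate", "certificates": [
    {"certificate_id": "d8167c98-0976-49d3-b42f-f8cb9a59e0b5", "trustpoint_name": "CATP"},
    {"certificate_id": "D8167C98-0976-49D3-B42F-F8CB9A59E0B6", "trustpoint_name": "T" * 40},
    {"certificate_id": "cert1", "trustpoint_name": "1CATP"}]}

if __name__ == "__main__":
    for problem in validate_ca_certificate(SAMPLE, MANAGER_IDS):
        print(problem)
```

Checking each `certificate_id` against the UUIDs the manager actually reports catches a well-formed UUID that points at no installed third-party CA, which the regex alone cannot detect.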