install certificate on sd-wan

Installing cert for sd-wan mangment

Requirements—

Cert must be encoded in pem (ASCII format) with .crt extension on file, cert file must not contain private key.

Certs cannot be in der (binary format)

Key file must be in .key format and must match with cert file (same modulus).Regardless of file extension (.cer,.pem,.crt) a cert encoded in pem format will appear as such

User-added image


A der encoded cert regardless of file extension will look like this

User-added image
Example scenarios

1.)You have a .pem file that contains the private key.

To use this file you must remove the private key and save the cert in the .crt format, key file will be saved as .key.

Strip the key file from cert

. open the .pem file in a text editor (preferably notepad++)

. next cut all lines related to the private key

User-added image
. Paste into new file and save in .key format

Cert file Should now look like this

User-added image
.Save the cert file in as a .crt file

Now upload both files to sd-wan via the gui

User-added image

2.) you have a der encoded .crt file

.First you need to convert the cer to pem format with below openssl cmd

openssl x509 -in cert.crt -inform der -outform pem -out cert.crt

ex-

openssl x509 -in sd-wan.crt -inform der -outform pem -out article.crt

.Find your private key and save to file as .key (make sure key file is not in binary format and that modulus matches cert)

. Last upload both files to sd wan via gui

User-added image

Note–all cert files/examples are from internal lab enviroment

Related:

  • No Related Posts

Leave a Reply