In this article we show how to renew the Cisco controller certificates. Go to Configuration, then Certificates, and click on the Controllers tab. There we can see the expiration date of each of the controller components, that is, when each one is going to expire. In this article, the controllers' certificates expire on December 8, 2021; suppose that these controllers are about to expire.

Then we need to renew them. The first thing is to go to the admin settings and choose the controller certificate authorization, which is Cisco; this is what Cisco recommends. The certificate CA PKI is in the cloud, so we can use the Cisco Plug and Play Connect portal to sign the certificate automatically. The certificate retrieval interval is one minute, as set in this article. You can modify it, but I just want to keep it at one minute.

That way we get the certificate right away after we request it. The second thing you need to make sure of is that you have valid Smart Account credentials. In this example, I use my own account, which is s-a-d-i-r-e-k, put the password in, and save. The third thing is that the controllers need to be accessible through the internet. If you have on-premise controllers, you need to allow this on the firewall, and make sure that you have DNS access as well. vManage talks to the PnP portal using 443 connections.

So let's try to renew it now: go to the controller certificates, where we first go to vManage and generate the CSR. Before doing that, we connect to one of the clients at the branch site and ping across the WAN, just to make sure that it has connectivity. This is the client, and now I ping 101010100, which is on the other side of the WAN. I just start pinging it. It is successful, so I will leave this ping open, so you can see how much interruption is going to happen when we renew the certificates of the controllers. Then we go back and generate the CSR. It is being generated, going to the cloud and talking to the PnP portal; then it is generated and sent to Cisco for signing. This one is vManage.

Then we go to Software Central and go to Plug and Play Connect, and I just refresh this page a little bit. You can see that just now, at 38 minutes, I did the enrollment request, and it is completed already. We expect that this status will change to Installed once the certificate is signed by the portal and downloaded back to the controller, vManage. All right, now it is already installed, and looking at the date, the time has changed to 3:38 pm.

That is new. Then let's go and renew the certificate of the vBond. By the way, the ping is still running; I don't see any packet drops. Now the vBond request is being sent to the cloud. Let's check the cloud again on the Certificates tab.

You see the vBond has been requested and is being signed by the Cisco PKI. It takes a few minutes to sign and download back to vManage and then to the vBond. So let's wait. Right, now it is already installed, and it updates the expiration date.

Now it is 3:40 pm. Looking at whether we lost the ping or not, it seems like we did not lose the ping. Then let's go to the vSmart and generate the CSR. vManage talks to the vSmart using the API, and also uses the API to push the CSR to the portal. Again, we go back to the portal and check the Certificates tab under Plug and Play.

We see that the vSmart is there with an enrollment request, and it is being signed by the Cisco PKI. Let's wait until the vSmart has finished installing the certificate. All right, now the vSmart has been updated with the new certificate.

As you can see here, the date and time have changed. Now it is 3:42 pm, which is the current time. Let's check that everything is up. Yep.

The vSmart is up and the vBond is up, but notice something: the control plane from the edges goes down, because when the vSmart renews its certificate the control plane is interrupted. So we should have at least two vSmarts running at the same time, and we should not renew the certificates on both vSmarts at the same time. It is not ex.

This is not the best practice. Then we look at the ping over here. I think it might have some loss here, but it doesn't.

It does not. So it seems the control plane gets interrupted, but the data plane doesn't get interrupted. So I think we are good here now. The controller certificates have been renewed and the data plane was not interrupted. However, I want to recommend that, if you can, you schedule downtime or a maintenance window when renewing the certificates on the controllers; that should be the best option.
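The renewal order and the vSmart caution above, as an added example that is not part of the original article: a small Python planner that lists the controllers whose certificates are due, in the vManage, vBond, vSmart order followed here and one at a time, and warns when a due vSmart has no second vSmart to keep the control plane up. The hostnames, the 30-day window and the inventory are constructed for illustration.

```python
from datetime import date

# Order followed in the walkthrough: vManage first, then vBond, then vSmart.
ORDER = {"vmanage": 0, "vbond": 1, "vsmart": 2}

def plan_renewals(controllers, today, window_days=30):
    """Return (steps, warnings) for controllers expiring within window_days.

    steps is an ordered list of hostnames, renewed one at a time so that two
    vSmarts never renew their certificates at the same time.
    """
    due = [c for c in controllers
           if (c["expires"] - today).days <= window_days]
    due.sort(key=lambda c: (ORDER[c["type"]], c["expires"], c["host"]))
    steps = [c["host"] for c in due]

    warnings = []
    for c in due:
        if c["expires"] < today:
            warnings.append(f"{c['host']}: certificate already expired")
    vsmarts = [c for c in controllers if c["type"] == "vsmart"]
    if len(vsmarts) < 2 and any(c["type"] == "vsmart" for c in due):
        warnings.append("single vSmart: control plane drops during its "
                        "renewal, schedule a maintenance window")
    return steps, warnings

# Constructed inventory (hypothetical hostnames); the 8 Dec 2021 expiry
# matches the date shown in the article.
INVENTORY = [
    {"host": "vsmart-1", "type": "vsmart", "expires": date(2021, 12, 8)},
    {"host": "vbond-1", "type": "vbond", "expires": date(2021, 12, 8)},
    {"host": "vsmart-2", "type": "vsmart", "expires": date(2021, 12, 8)},
    {"host": "vmanage-1", "type": "vmanage", "expires": date(2021, 12, 8)},
]

if __name__ == "__main__":
    steps, warnings = plan_renewals(INVENTORY, today=date(2021, 11, 20))
    for n, host in enumerate(steps, 1):
        print(f"step {n}: renew {host}, wait for Installed, then continue")
    for w in warnings:
        print("WARNING:", w)
```

Each step should reach the Installed status in the portal before the next one starts, which is what keeps one vSmart serving the edges while the other renews.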

