View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

RS0116 - SDA Certificate Install

Average: 5 (1 vote)
Difficulty Level: 
Lab Document: 
<Please login to see the content>
Video Download: 
Title: RS0116 - Video Download $11.00
Purchase RS0116 - Video Download $11.00
The video shows you a certificate install of DNAC. We will review the recommended certificate format for both DNAC identity cert as well as subordinate certificate used to issue device certificate to ensure proper operation.
  • DNAC Certificate
  • Subordinate Certificate
  • Device Certificate

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.



I've tried this several times and with several different methods and I can't get it to work. The certificate I have now is valid and I do have a green lock in my browser and all certificates in the chain is valid, but on DNA Center > Settings > Certificate the Authority for the cert still say Self-signed.

I've tried it just as shown in this video with an external OpenSSL. I've also try both the Openssl method and the API method described by Cisco here:

Nothing works.

NOTE: The default Subordinate Certification Authority template Cisco wants you to use does not work. It won't import the certificate because of missing keyEncipherment so I did create my own template with keyEncipherment and both serverAuth and clientAuth.

What version of DNAC are you running. Have you opened a case with Cisco to see if this is a bug?

I actually got this to work. I had to import the Root CA certificate into the DNA Trustpool manually. I noticed that it didn't do this during the process automatically so after I did that it shows up correctly. This happened with all the methods I tried.

Hello Metha. Thank you for this video !
Could you share the .cnf file please ?
I am facing issues with my file and I would like to compare.

Thank you,

I see this post was from a while back.
But there is an official doc on how to generate the certs available now.

Thank you for sharing.

Lab Minutes Classifieds