When you start using a new internal ECDSA certificate authority, 256-bit encryption is automatically enabled for Secure SD-WAN Engines. If a Secure SD-WAN Engine cannot communicate with the Management Server, manually enable 256-bit encryption on the Secure SD-WAN Engine, then make initial contact between the Secure SD-WAN Engine and the Management Server.
Before you begin
Create a new internal ECDSA certificate authority.
Steps
- On the command line of the Secure SD-WAN Engine, enter one of the following commands to start the Secure SD-WAN Configuration Wizard:
  - sg-reconfigure --no-shutdown
    The Secure SD-WAN Configuration Wizard starts without shutting down the Secure SD-WAN Engine. Network interface settings cannot be changed in this mode.
  - sg-reconfigure
    The Secure SD-WAN Engine shuts down, then the Secure SD-WAN Configuration Wizard starts. All options are available if you have a local connection. If you have a remote SSH connection, you cannot change network interface settings because the Secure SD-WAN Engine always uses the no-shutdown mode for SSH connections.
- Select Next on each page until the Prepare for Management Contact page opens.
- Select Contact or Contact at Reboot, then press the spacebar.
- Enter the Management Server IP address and the one-time password.
  Note: The one-time password is specific to each Secure SD-WAN Engine and can be used only for one initial connection to the Management Server. After initial contact has been made, the Secure SD-WAN Engine receives a certificate from the SMC for identification. If the certificate is deleted or expires, repeat the initial contact using a new one-time password.
- Select 256-bit Security Strength, then press the spacebar to use 256-bit encryption for the connection to the Management Server.
- (Optional) Enter the fingerprint for the Management Server.
  - Select Edit Fingerprint, then press Enter.
  - Enter the Management Server’s certificate fingerprint.
    The fingerprint is shown in the Management Client when you save the initial configuration.
- Select Finish, then press Enter.
Result
The Secure SD-WAN Engine tries to make initial Management Server contact. The progress is shown on the command line.