Generate and upload the appliance certificate

To establish a connection between Citrix SD-WAN Center and Citrix SD-WAN Master Control Node (MCN), download the SSL certificate from the SD-WAN Center and install it on the MCN. For more information, see Install the Citrix SD-WAN Center certificate.

Previously, a pre-defined appliance certificate was used which was already installed in the SD-WAN Center. With Citrix SD-WAN 11.0 release, you can regenerate the appliance certificate on the MCN which will replace the pre-defined certificate and then install on SD-WAN Center.

Installing the appliance certificate to the SD-WAN Center is mandatory for new deployments and for SSL communication to work. MCN generates a network certificate and distributes the certificate with a private key through the certificate manager to all nodes. The certificates are used by each branch to authenticate the SD-WAN Center.

To generate appliance certificate in SD-WAN:

  1. Navigate to Configuration > expand Virtual WAN > select SD-WAN Center Certificates.

    The following options are available under the MCN Certificate Management table.

    • Regenerate Certificate.
    • Download Certificate.


    When you regenerate the SSL certificate, the SD-WAN appliance uses the new certificate immediately for communication with discovered SD-WAN Center. However, communication with the appliances will not succeed until you download and install the newly generated certificate on the SD-WAN Center.

    localized image

  2. In SD-WAN Center, upload the appliance certificate by navigating to, Configuration > SSL Certificate > MCN Certificate.

    localized image

  3. Browse for the downloaded certificate, select, and click Upload and Install.

Once you downloaded the certificate and upload it to the SD-WAN Center, the certificate replaces the hard coded appliance certificate.

Generate and upload the appliance certificate