Generate and upload the appliance certificate
To establish a connection between Citrix SD-WAN Center and Citrix SD-WAN Master Control Node (MCN), download the SSL certificate from the SD-WAN Center and install it on the MCN. For more information, see Install the Citrix SD-WAN Center certificate.
Previously, a pre-defined appliance certificate was used which was already installed in the SD-WAN Center. With Citrix SD-WAN 11.0 release, you can regenerate the appliance certificate on the MCN which will replace the pre-defined certificate and then install on SD-WAN Center.
Installing the appliance certificate to the SD-WAN Center is mandatory for new deployments and for SSL communication to work. MCN generates a network certificate and distributes the certificate with a private key through the certificate manager to all nodes. The certificates are used by each branch to authenticate the SD-WAN Center.
To generate appliance certificate in SD-WAN:
Navigate to Configuration > expand Virtual WAN > select SD-WAN Center Certificates.
The following options are available under the MCN Certificate Management table.
- Regenerate Certificate.
- Download Certificate.
When you regenerate the SSL certificate, the SD-WAN appliance uses the new certificate immediately for communication with discovered SD-WAN Center. However, communication with the appliances will not succeed until you download and install the newly generated certificate on the SD-WAN Center.
In SD-WAN Center, upload the appliance certificate by navigating to, Configuration > SSL Certificate > MCN Certificate.
Browse for the downloaded certificate, select, and click Upload and Install.
Once you downloaded the certificate and upload it to the SD-WAN Center, the certificate replaces the hard coded appliance certificate.