About the VPN Authentication Page

 

Contrail Service Orchestration (CSO) establishes secure IPsec Virtual Private Network (VPN) tunnels to connect sites after authenticating the tunnel endpoints. CSO authenticates tunnel endpoints by using either preshared keys or Public Key Infrastructure (PKI) certificates.

Service Provider (SP) and Operating Company (OpCo) Administrators can configure the authentication type when the tenant is onboarded.

If PKI certificate is configured as the authentication type, then tenant administrators can modify the PKI settings from the VPN Authentication page (Administration > Certificate Management > VPN Authentication) after the tenant is onboarded.

Note

The VPN Authentication page is displayed only for tenants with SD-WAN service that are configured with PKI as the authentication type.

Tasks You Can Perform

  • View information about the existing certificates for all provisioned sites in the tenant. See Table 1.

  • Change the Certificate Authority (CA) server settings (URL, password, and CRL Server URL) for the tenant. See Modify PKI Settings for All Sites.

  • Change the Certificate Revocation List (CRL) URL of certificates for the tenant. See Modify PKI Settings for All Sites.

  • Change the method of renewing PKI certificates for all provisioned sites in the tenant. See Modify PKI Settings for All Sites.

  • Change the method of renewing PKI certificates for one or more provisioned sites in the tenant. See Modify PKI Settings for Selected Sites.

  • Manually renew certificates for one or more provisioned sites in the tenant. See Modify PKI Settings for Selected Sites.

  • Search for certificates by using keywords. Click the Search icon to enter the search term in the text box and press Enter. The search results are displayed on the same page.

  • Show or hide columns. Click the Show Hide Columns icon at the top right corner of the grid and select the columns that you want displayed on the VPN Authentication page.

Field Descriptions

Table 1 describes the fields on the VPN Authentication page.

Table 1: Fields on the VPN Authentication page

| Field | Description |
| --- | --- |
| Tenant-Level Settings for PKI Certificates | |
| Certificate Renewal | |
| Current Tenant Setting | Renewal method currently configured for PKI certificates of the tenant. |
| Next Renew Check Time | If the Auto Renew Certificate toggle button on the Edit Tenant Certificate page is enabled, displays the date and time at which the next renewal check is scheduled. If the Auto Renew Certificate toggle button on the Edit Tenant Certificate page is disabled, displays N/A (not applicable). |
| Next CRL check time | Date and time at which the next CRL check is scheduled. |
| Last CRL update time | Date and time at which the CRL was last updated. |
| Details of Certificates | |
| Tenant Name | Name of the tenant. |
| Common Name | Name of the PKI certificate. |
| Certificate ID | ID of the PKI certificate. |
| Serial Number | Serial number of the PKI certificate. |
| Used In | Name of the site with which the PKI certificate is associated. |
| Device | Name of the device with which the PKI certificate is associated. |
| Status | Expiration status of the PKI certificate. If you set the certificate to be renewed automatically, the status displayed depends on the renewal period that you selected from the Edit Certificate Settings for Tenant page. For example, if you selected the renewal period as 1 month, the Status field displays Less than 1 month before expiry. If you set the certificate to be manually renewed, the status displayed depends on the expiration notification time for the certificate (Status: Less than 2 weeks before expiry). If the expiration date of the certificate does not meet the expiration notification time yet, the Status field displays . If the certificate has expired, the Status field displays Expired. |
| Expires on | Date and time at which the PKI certificate expires. |
| Renewal Method | Renewal method of the PKI certificate: Auto or Manual. |
