When installing the various [SD-WAN](/sd-wan) controllers, it is necessary to create a certificate on all devices. It is possible to generate all of the necessary certificates on the [vManage](/sd-wan-vmanage) device using the `openssl` command.

When this is done, the following command must be run on both the [vBond](/sd-wan-vbond) and the [vSmart](/sd-wan-vsmart) devices to request and download the certificate:

```
vBond1# request download scp://admin@10.1.0.1:/home/admin/ROOT-CA.pem
/usr/bin/download: line 33: /proc/sys/kernel/hung_task_timeout_secs: Permission denied
The authenticity of host '10.1.0.1 (10.1.0.1)' can't be established.
ECDSA key fingerprint is SHA256:tDhYof1C8igzPm29fFlV5afe44qjJZAEDCNv9qQ2gPE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.0.1' (ECDSA) to the list of known hosts.
viptela 19.3.0 

admin@10.1.0.1's password: 
ROOT-CA.pem 100% 1257 41.1KB/s 00:00 
/usr/bin/download: line 33: /proc/sys/kernel/hung_task_timeout_secs: Permission denied
```

Note that this results in a `Permission denied` error, however, the process actually completes successfully. This can be confirmed with the following output:

```
vBond1# request root-cert-chain install /home/admin/ROOT-CA.pem
Uploading root-ca-cert-chain via VPN 0
Copying ... /home/admin/ROOT-CA.pem via VPN 0
Updating the root certificate chain..
Successfully installed the root certificate chain
```

The same is the case for the vSmart device.

## Links

https://networklessons.com/cisco/cisco-sd-wan/cisco-sd-wan-controllers-installation#Certificates

SD-WAN vBond and vSmart Download Root Certificate

Routing - Classless and Classful routing protocols

Routing - Directed vs Local broadcast address

Routing - Distance Vector Routing Protocols

Routing - Distance-vector routing protocol use cases

Routing - Dynamic routing protocols

Routing - How the routing table is populated

Routing - IP event dampening

Routing - Injecting a Static Route

Routing - Link-State vs Distance-Vector routing protocols

Routing - Link-state routing protocol use cases

Routing - OER master and border routers

Routing - PfR MC and BR on same device

Routing - The Null0 Interface

Routing - Using Anycast with BGP Multipath

Routing - Using the Null0 interface to prevent routing loops

Routing - address-family

Routing - default gateway

Routing - default routing using DHCP

Routing - directed broadcast

Routing - fully specified route

Routing - ip default-network command

Routing - l2transport

Routing - link-local IPv6 next hop address needs exit interface

Routing - network vs redistribute connected commands

Routing - redistribute command

Routing - redistribution and the routing table

Routing - route tagging

Routing - seed metrics

Routing - what is a WAN port

Routing - what is recursive routing

Routing - what is redistribution

Routing NX-OS passive-interface default

Routing Table

Routing in both directions

Routing what if the administrative distance is the same

Routing

SD-WAN - EVE-NG connection options

SD-WAN - Unique Site IDs for vEdges

SD-WAN - cEdge

SD-WAN - vAnalytics

SD-WAN - vBond

SD-WAN - vEdge full mesh

SD-WAN - vEdge vs cEdge

SD-WAN - vEdge

SD-WAN - vManage

SD-WAN - vSmart

SD-WAN OMP VPN Route Status Codes

SD-WAN Template Attach Error on vManage

SD-WAN set TLOC color

SD-WAN

SDN - what is orchestration

SG300-10 - InterVLAN routing defaults

SNMP - Engine ID

SNMP - Index shuffling

SNMP - Simple Network Management Protocol

SNMP - Version 3 security levels

SNMP - snmp-server community and host commands

SNMP monitoring routing on a Nexus device

SNMP trap vs inform

SNMP walk

SPAN capturing control packets

SPAN multiple destination ports on Cisco IOS device

SPAN using VLANs as a source on a Nexus device

SPAN

SSH - domain-name prerequisite

SSH connectivity - troubleshooting

SSM Multicast Group Verification

STP - Aging time reduction with a TCN

STP - Aging time return to default

STP - BPDU Filter Use Cases

STP - BPDU generation and port roles

STP - BPDUGuard, BPDUFilter, and Portfast

STP - BPDUs on a switch where STP is disabled

STP - BPDUs, VLAN IDs, and PVST+

STP - Cost of last link added by receiving switch

STP - Disabling spanning-tree

STP - Factors to Consider When Choosing a Root Bridge

STP - Learning State

STP - MST CIST Root

STP - MST CST and CIST

STP - MST Virtual Bridge and its role in interfacing with other STP topologies

STP - MST and PVST+ selecting root port

STP - MST maps groups of VLANs

STP - MST region attributes

STP - MST viewed as a single switch by PVST+

STP - Max Age vs Message Age

STP - Multiple Spanning Tree (MST)

STP - Multiple types of STP on the same switch

STP - PVST+ and Rapid PVST+ interaction

STP - Per VLAN Spanning Tree plus (PVST+)

STP - RSTP BPDU Flags and their usage

STP - RSTP EdgePort

STP - RSTP Proposal Timer Operation

STP - RSTP convergence process

STP - RSTP port roles

STP - RSTP prerequisites for immediate move to forward state

STP - RSTP proposal-agreement process

STP - RSTP while timer cannot be observed