Optional SAN IP field in CVP Certificate
ZTP boot can be done without specifying the SAN IP in the certificate’s field. If the certificate is issued by a public CA without a SAN IP, it will require us to use CVP’s FQDN to set up a secure connection. Using an IP address you can set up a secure connection with CVP, because the ZTP app now resolves the DNS name to the correct IP address. Although the SAN IP field in the certificate is now optional, DNS is still mandatory.
Creating a certificate without SAN IP
Go to settings and click on certificate Click on +Add, to add the new certificate Certificate form, asking for details will appear Fill the details without specifying SAN IPs
- From Settings select Certificate.
- Click on +Add, to add the new certificate.
- Complete the Certificate form, without specifying a SAN IP address.
- Click OK at the prompt will confirming that a SAN IP has not been provided.
- Clicking OK on the next prompt stating the existing certificate will be replaced.
- Proceed with the ZTP boot process.