Cisco DNAC certificate renewal


This needs more context added


1. Create a CSR from DNAC.


2. Sign the CSR using http://mrs-ca01/certsrv/certrqxt.asp (sign in with your admin account). Enter the CSR and select the pxgrid template.


3. The remaining steps are OpenSSL commands, run on mrs-rdp. OpenSSL is installed under Program Files: "C:\Program Files\OpenSSL-Win64\bin"


4. Open cmd and run the following commands (check the path first):

# A) Extract chain certs from the .p7b (PKCS#7)

openssl pkcs7 -inform DER -print_certs -in "C:\Users\joel_admin\Desktop\Cisco DNAC certs\chain.p7b" -out "C:\Users\joel_admin\Desktop\Cisco DNAC certs\chain_certs.pem"


# B) Convert your leaf .cer to PEM (if it’s DER). If it's already Base64, you can skip this.

openssl x509 -inform DER -in "C:\Users\joel_admin\Desktop\Cisco DNAC certs\leaf.cer" -out "C:\Users\joel_admin\Desktop\Cisco DNAC certs\leaf.pem"


# C) Build the bundle (leaf first, then chain)

type "C:\Users\joel_admin\Desktop\Cisco DNAC certs\leaf.pem" "C:\Users\joel_admin\Desktop\Cisco DNAC certs\chain_certs.pem" > "C:\Users\joel_admin\Desktop\Cisco DNAC certs\fullchain.pem"


The chain_certs.pem is the file you need to upload to DNAC.
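
Added example (not part of the original notes): a cmd batch file to run after step C, before uploading anything to DNAC. It checks that leaf.pem carries the same public key as the CSR, that it chains to the CA certs in chain_certs.pem, that it is not about to expire, and it prints the certificate order in the bundle. The CSR file name dnac.csr, the 30-day threshold and the assumption that chain_certs.pem includes the root CA are mine, not from the notes.

```bat
@echo off
rem Added example: sanity checks on the files produced in steps A-C.
rem Assumption: dnac.csr is the CSR created in step 1, saved in the same folder
rem (the file name is hypothetical).
rem Optional argument: the bundle to list in check 4 (default fullchain.pem).
setlocal
set "PATH=C:\Program Files\OpenSSL-Win64\bin;%PATH%"
set "DIR=C:\Users\joel_admin\Desktop\Cisco DNAC certs"
set "BUNDLE=fullchain.pem"
if not "%~1"=="" set "BUNDLE=%~1"
cd /d "%DIR%" || goto :fail

rem 1) The signed leaf must carry the same public key as the CSR,
rem    otherwise it will not pair with the private key held on DNAC.
openssl req  -in dnac.csr -noout -pubkey > csr_pub.tmp  || goto :fail
openssl x509 -in leaf.pem -noout -pubkey > leaf_pub.tmp || goto :fail
fc csr_pub.tmp leaf_pub.tmp > nul
if errorlevel 1 (echo FAIL: leaf.pem does not match dnac.csr & goto :fail)

rem 2) The leaf must verify against the CA certs extracted in step A.
rem    Assumes chain_certs.pem contains the chain up to the root CA.
openssl verify -CAfile chain_certs.pem leaf.pem || goto :fail

rem 3) Show who the cert is for and fail if it expires within 30 days
rem    (2592000 seconds; the threshold is an assumption).
openssl x509 -in leaf.pem -noout -subject -issuer -enddate
openssl x509 -in leaf.pem -noout -checkend 2592000 || goto :fail

rem 4) Print subject/issuer of every cert in the bundle, in file order.
rem    For fullchain.pem the first entry should be the leaf, and each
rem    issuer should be the subject of the entry that follows it.
openssl crl2pkcs7 -nocrl -certfile "%BUNDLE%" | openssl pkcs7 -print_certs -noout || goto :fail

del csr_pub.tmp leaf_pub.tmp
echo OK: all checks passed for %BUNDLE%
exit /b 0

:fail
echo Checks failed - do not upload until this is resolved.
exit /b 1
```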