Warning

CA Certificates Configured Through FDM-Managed Devices

Cisco Defense Orchestrator can manage multiple devices, but it is limited in the additional information that is saved when the device configuration is saved, which can cause issues when handling internal CA certificates. CDO does not save the cert or key information of CA certificates that are configured through the FDM-managed console. If you attempt to use a CA certificate that was configured in an FDM-managed device and apply it to an SSL policy that is deployed to a secondary device, CDO creates a local copy of the CA certificate but does not and cannot copy the key information. As a result, neither CDO nor the secondary device has the key information, and the CA certificate cannot be successfully deployed. This also means that the download link for the local copy of the CA certificate is unavailable.

We strongly recommend configuring a separate CA certificate for any additional devices through an FDM-managed device, or creating CA certificates through the CDO UI.