https://community.cisco.com/t5/network-access-control/renewing-https-certificate-in-cisco-ise/m-p/2986559#M38728 <P>The only downtime you can expect while renewing the HTTPS certificate is:</P> <P>1. For HTTPS protocol changes, a restart of the ISE services is required, which creates a few minutes of downtime. You will not be able to access the GUI for round 10 - 15 minutes.</P> <P>2. If you use self-signed certificates in a distributed deployment, the primary self-signed certificate must be installed into the trusted certificate store of the secondary ISE server.&nbsp; Likewise, the secondary self-signed certificate must be installed into the trusted certificate store of the primary ISE server. This allows the ISE servers to mutually authenticate each other.&nbsp; Without this, the deployment might break. If you renew certificates from a third-party CA, verify whether the root certificate chain has changed and update the trusted certificate store in the ISE accordingly.</P> <P>Here is <A href="http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116977-technote-ise-cert-00.html">document</A> where same steps are documented. I've highlighted for your convenience.</P> <P></P> <P>Rgds,</P> <P>Jatin</P> <P><EM>~ Do rate helpful posts.</EM></P> <P></P> Tue, 16 Aug 2016 13:27:55 GMT Jatin Katyal 2016-08-16T13:27:55Z https://community.cisco.com/t5/network-access-control/renewing-https-certificate-in-cisco-ise/m-p/2986558#M38727 <P>Hello,</P> <P></P> <P>A few months ago a renewed our eap certificate. Now i have to renew the HTTPS certificate. ISE says there will be a "significant" downtime when renewing the certificate.</P> <P></P> <P>What is this downtime exactly? Can't users authenticatie through EAP / Radius?&nbsp; Or is it only the web interface? I can't find any documentation on this matter.</P> <P></P> <P>Kind regards,</P> <P></P> <P>Michael Trip</P> Mon, 11 Mar 2019 06:59:52 GMT https://community.cisco.com/t5/network-access-control/renewing-https-certificate-in-cisco-ise/m-p/2986558#M38727 Michael Trip 2019-03-11T06:59:52Z https://community.cisco.com/t5/network-access-control/renewing-https-certificate-in-cisco-ise/m-p/2986559#M38728 <P>The only downtime you can expect while renewing the HTTPS certificate is:</P> <P>1. For HTTPS protocol changes, a restart of the ISE services is required, which creates a few minutes of downtime. You will not be able to access the GUI for round 10 - 15 minutes.</P> <P>2. If you use self-signed certificates in a distributed deployment, the primary self-signed certificate must be installed into the trusted certificate store of the secondary ISE server.&nbsp; Likewise, the secondary self-signed certificate must be installed into the trusted certificate store of the primary ISE server. This allows the ISE servers to mutually authenticate each other.&nbsp; Without this, the deployment might break. If you renew certificates from a third-party CA, verify whether the root certificate chain has changed and update the trusted certificate store in the ISE accordingly.</P> <P>Here is <A href="http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116977-technote-ise-cert-00.html">document</A> where same steps are documented. I've highlighted for your convenience.</P> <P></P> <P>Rgds,</P> <P>Jatin</P> <P><EM>~ Do rate helpful posts.</EM></P> <P></P> Tue, 16 Aug 2016 13:27:55 GMT https://community.cisco.com/t5/network-access-control/renewing-https-certificate-in-cisco-ise/m-p/2986559#M38728 Jatin Katyal 2016-08-16T13:27:55Z