topic CERTIFICATE RENEWAL/DELETE ERROR in Network Access Control

CERTIFICATE RENEWAL/DELETE ERROR

Ali — Mon, 13 Aug 2018 05:04:05 GMT

Hi Community,

Currently running with two node deployment with ISE version 2.1

My SAML certificate got expired on my Secondary node, when I am trying to renew I am getting the error as ISE Node not Reachable.

In order to renew From Secondary Node I am not seeing the option to edit the certificate.

When trying to delete the certificate I am getting the message as below..........

"One or more certificates that are selected for delete are shared certificate(s). Deleting the shared certificate will delete the corresponding certificate(s) on rest of the nodes in the deployment. Please confirm this is intended by clicking Delete.

The following certificate(s) are shared certificates. Are you sure you want to delete them?

Default self-signed saml server certificate - "

My concern is that My SAML on Primary certificate will also get deleted if I continue to delete on Secondary node (Please correct me here if I am wrong here)

Kindly need helpful suggestion for the above.

Re: CERTIFICATE RENEWAL/DELETE ERROR

RichardAtkin — Mon, 13 Aug 2018 08:19:44 GMT

The first question here is, is the secondary node still joined to the cluster?

If you go to the "Administration > Deployment" page, do you still see the secondary as connected and synchronised without any issues?

If it's not connected can you force a re-sync? (Caution: this will caue the secondary to reboot)

If it won't re-sync, can you SSH to it and give it a reboot? Verify Routing and FW rules are all ok between the two boxes?

Re: CERTIFICATE RENEWAL/DELETE ERROR

Ali — Mon, 13 Aug 2018 10:14:41 GMT

Hello Richa,

Thank you for the reply

Yes, both the nodes are in cluster and synchronized.

Any other option I can try ?