Admin Cert in multinode deployment

kostasthedelegate — Thu, 22 Apr 2021 06:08:23 GMT

Hello,

I have ISE 2.6 with 2 PAN and 4 PSN

I would like to change the admin certificate from the default self signed to one form my PKI.

When I change it there will be a restart on the node right?

Is it advisable to change it on the PSN also?

Thanks and regards,

Konstantinos

Re: Admin Cert in multinode deployment

Damien Miller — Thu, 22 Apr 2021 06:30:32 GMT

I would suggest generating a single CSR with all your nodes as SANs, and have that signed by the internal PKI so that it can be installed on all six nodes. This keeps it clean and easy.

The relevant cert contents would look like this where the CN and first SAN are just a friendly name, and the remaining six are the FQDNs of the nodes.

CN: ise.yourdomain.com
SAN: ise.yourdomain.com
SAN: pan1.yourdomain.com

SAN: pan2.yourdomain.com

SAN: psn1.yourdomain.com

SAN: psn2.yourdomain.com

SAN: psn3.yourdomain.com

SAN: psn4.yourdomain.com

topic Re: Admin Cert in multinode deployment in Network Access Control

Admin Cert in multinode deployment

Re: Admin Cert in multinode deployment