ACS Distributed Deployment CA Cert Renewal

jofische
Cisco Employee

When renewing CA certs in a distributed deployment are there any gotchas to be aware of?  We would like to renew certs on individual nodes during different change windows.  I don’t think this should be a problem as long as the certs are trusted but asking to be certain.

Thanks!

1 Accepted Solution

kthiruve
Cisco Employee

In ACS you have a primary and multiple secondaries, so when renewing CA certs make sure you have the CA certificate installed on all the secondaries and the primary first.

Renew the server certificate on the secondaries first and then the primary at the end. Use a CA-signed certificate as a best practice.

If using self-signed, the same logic applies.

-Krishnan
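
The ordering in the accepted answer (CA certificate on every node before any server certificate is renewed) can be checked before each change window. This is an added example, not part of the original thread or any Cisco tooling: it assumes each node's trusted CA certificates have been exported to a hypothetical `<trust_dir>/<node>.pem` file and that the `openssl` CLI is available; the function name is hypothetical too.

```shell
#!/bin/sh
# Pre-change check: confirm every node already trusts the issuing CA before
# any server certificate is replaced.
# Assumed layout (hypothetical): <trust_dir>/<node>.pem holds the CA
# certificates exported from that node's trust store, in PEM format.
# Note: openssl verify may also consult the host's default trust directory,
# so run this on a host where the CA under test is not trusted system-wide.

# nodes_missing_trust NEW_CERT TRUST_DIR
# Prints the name of each node whose exported trust bundle does not validate
# NEW_CERT. Returns 0 only when at least one bundle exists and all validate.
nodes_missing_trust() {
    new_cert=$1
    trust_dir=$2
    missing=0
    found=0
    for bundle in "$trust_dir"/*.pem; do
        [ -f "$bundle" ] || continue      # glob matched nothing
        found=1
        node=$(basename "$bundle" .pem)
        if ! openssl verify -CAfile "$bundle" "$new_cert" >/dev/null 2>&1; then
            echo "$node"                  # this node would reject the new cert
            missing=1
        fi
    done
    # An empty export directory is treated as a failure, not a pass.
    [ "$found" -eq 1 ] && [ "$missing" -eq 0 ]
}
```

Run it against the renewed certificate before each node's window; any node name it prints still needs the CA certificate installed.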
