EAP Authentication Intermediate certificate renewal

Hi Experts,

We have a small 2-node deployment with the same certificate used for Admin and EAP authentication, where one of the Intermediate certs in the certificate hierarchy is about to expire.

 

Root CA
   ----> Intermediate CA 1
         ----> Intermediate CA 2   (About to expire)
               ----> Admin and EAP authentication cert

1. Would importing the Intermediate CA 2 into the ISE 'Trusted store' and rolling it out to the users via GPO suffice?

2. Will it cause any service disruption or restart of the services?

Can you please suggest the best practices, if any?

Accepted Solutions

You can add additional Root/Intermediate CA certificates to the trusted store in ISE and that will not affect ISE at all.  If you are correct that the new certificate would have a different expiration date, then it is a totally different Intermediate CA certificate and will add just fine.  No services will be restarted.

3 Replies

Colby LeMaire
VIP Alumni

Double check your certificate and certificate chain.  Your identity certificate should not have an expiration date that is later than your issuing CA certificate.  Verify the serial numbers to ensure you are looking at the correct CA certificates.

Just adding a certificate to the trusted store will not cause a restart of services.  But if you have to update your identity certificate used for admin, then that would restart the services.
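
The checks suggested in the reply above (identity certificate expiry versus its issuing CA certificate, plus the CA serial number), as an added shell example that is not part of the original thread. It assumes the openssl CLI and GNU date; the function names, file names, subjects and the two-level demo chain are constructed for illustration.

```shell
# Added example (not from the thread). Assumes the openssl CLI and GNU date.
# All file names and subjects below are constructed for illustration.

# notAfter of a PEM certificate as epoch seconds.
not_after_epoch() {
  date -u -d "$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)" +%s
}

# Succeeds if the identity cert's issuer DN equals the CA cert's subject DN.
issued_by() {
  [ "$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')" = \
    "$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')" ]
}

# Succeeds if the identity cert expires later than the CA cert (the
# situation the reply says should not occur).
outlives_issuer() {
  [ "$(not_after_epoch "$1")" -gt "$(not_after_epoch "$2")" ]
}

# Succeeds if the certificate expires within the given number of days.
expires_within_days() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Print serial and expiry so the CA cert can be matched against the one
# you believe issued the identity cert, then flag inconsistencies.
check_pair() {   # usage: check_pair IDENTITY_PEM CA_PEM [WARN_DAYS]
  local rc=0
  echo "CA serial:         $(openssl x509 -in "$2" -noout -serial | cut -d= -f2)"
  echo "CA notAfter:       $(openssl x509 -in "$2" -noout -enddate | cut -d= -f2)"
  echo "Identity notAfter: $(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)"
  issued_by "$1" "$2" || { echo "MISMATCH: issuer DN differs from CA subject DN"; rc=1; }
  if outlives_issuer "$1" "$2"; then echo "PROBLEM: identity cert outlives this CA cert"; rc=1; fi
  if expires_within_days "$2" "${3:-60}"; then echo "WARNING: CA cert expires within ${3:-60} days"; fi
  return "$rc"
}

# Constructed two-level chain: a 30-day CA cert standing in for
# "Intermediate CA 2", and a 365-day identity cert issued by it.
make_demo_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/ca.pem" \
    -subj "/CN=Demo Intermediate CA 2" -days 30 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/id.key" -out "$1/id.csr" \
    -subj "/CN=ise.example.test" 2>/dev/null &&
  openssl x509 -req -in "$1/id.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -out "$1/id.pem" -days 365 2>/dev/null
}
```

A matching issuer DN does not prove which CA certificate signed the identity certificate, since a renewed CA certificate normally keeps the same subject; that is why the serial number is printed for manual comparison.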


Hi Colby,

Thanks for the reply. Our renewal concern is only about the Inter.CA certs, not the identity/server cert.

We already have an Intermediate certificate which is about to expire (in less than 60 days). What are the procedures to be followed to renew the Intermediate certificate from the same CA without deleting the existing Inter.CA?

If we add the new Inter.CA in the trusted store from the same CA, will it be accepted when there is already an existing Inter.CA on the ISE?
