cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
490
Views
1
Helpful
4
Replies

Guest Portal Cert Sync Isse

Community,

I uploaded a renewed wildcard certificate for our Guest Portal to the Admin nodes. However, only some of the PSNs got the certificate while others did not. The others that did not are still showing the Default self signed cert is being used for the guest portal. What could prevent some of my PSNs from not receiving the new certificate?

Thank you. 

1 Accepted Solution

Accepted Solutions

@craddockchristopher no, they are not and no you don't need to de-register. From the Primary PAN under Administration > System > Certificates > System Certificates you select which node (the nodes in the cluster) you wish to assign the certificates too and the usage of the certificate (in this instance Portal).

View solution in original post

4 Replies 4

@craddockchristopher you need to import the certificate to each of the PSNs and select the usage as Portal.

https://community.cisco.com/t5/security-knowledge-base/how-to-implement-digital-certificates-in-ise/ta-p/3630897

 

Rob,

Are the certs when added to the admin nodes, not synced automatically to the PSNs? Do I have to de-register my PSN to add the new cert? 

Thank you.

@craddockchristopher no, they are not and no you don't need to de-register. From the Primary PAN under Administration > System > Certificates > System Certificates you select which node (the nodes in the cluster) you wish to assign the certificates too and the usage of the certificate (in this instance Portal).

Thanks so much Rob. I exported the cert and private key from the admin node then went to Administration > System > Certificates > System Certificates > Import and imported the cert to the specified PSN. What's funny is after I did that, the cert then showed up in the other PSNs that were having the same issue. Very strange, but you sent me on the right path!