Curious to know the process mentioned in the title of this discussion. I'm looking everywhere for this, but cannot find it so far. Any detailed explanation on how this can be achieved would be greatly appreciated.
Thank you in advance.
Solved! Go to Solution.
Cisco does not recommend exporting the private key associated with the certificate because its value may be exposed. If you must export the private key, you must specify an encryption password for the private key. You will need to specify this password while importing this certificate into another Cisco ISE server to decrypt the private key."
Anyway, you can do this on the Administration / System / Certificate.
-If I helped you somehow, please, rate it as useful.-
Thank you for the response.
I'm honing in on exactly what is required now. My apologies for shifting off my previous predicament (not too tangential to what was initially stated).
We are looking to import the server certificate into our ISE PSN node.
It looks as if we:
A) Need to generate a private key via ISE web GUI (not sure where this is done via ISE web GUI. We already purchased and installed the public key)
Then go to Administration > System > Certificates > System Certificates and:
(where "*" (3.) = actual issue at hand)
How did you purchase the certificate? To have a certificate issued to you in the first place, you need to have a private/public key generated on the server that you want the cert on. Out of that you send the public key to the CA (along with other attributes) and get it signed. You then import the certificate to the server, which then logically binds the private and public key together.
If I understand your question correctly, you already have a certificate issued to another server. You want to be able to export that cert and import that into ISE, like you would do for a Wildcard cert. If so, what you would need to do is export the certificate and key from that server as a pkcs12 file (or pfx for windows). This file has to be then split into private and public key using openssl. How to do this is given here:
Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.cr
You can then import this separately on ISE.