We have total 22 ISE nodes ( Including Admin+Mnt) in cluster and using ISE 2.4 version. We have already installed identity certificate for every node from private CA and assigned "Admin" role in ISE. We have also installed root certificate in Trusted store. All the certificates are SHA1 certificates.
Now customer has upgraded the same Certificate Authority server to support SHA 2 and provided us new identity and root certificates.
While importing the new root certificate, it is giving the following error.
"There is one system certificate with the same subject name and issuer but having a different serial number. Importing was aborted. For successful importing, you need to remove the other certificate first"
My questions are,
1. If I remove the earlier root certificate, not changing identity certificate role, will it impact ISE functionality?
2. Do I need to change "Admin role" to some other certificate first and then remove the root certificate ? and then install new root and Identity certificates.
Could you please guide us the correct way of importing the certificates in this scenarios