- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 03:19 PM - edited 10-15-2018 03:33 PM
We have an ISE 2.2 deployment consisting of 2 PANs, 2 MnT, and 4 PSN nodes. We are using EAP authentication. All of the nodes have certificates issued by our CA. We are planning on utilizing the F5 to load balance our PSNs. We reviewed the Cisco and F5 Deployment Guide by Craig Hyps and got stuck on the part where we generate the CSRs. In ISE 2.2, it wants us to select the node that we want the CSR to be generated for. If we select all of our 4 PSNs, it will generate 4 CSRs with same CN and SANs (see below). However, In the document is says to generate one CSR then export, then import the signed certificate to the other nodes. Not sure how we can do that if we have 4 certs, one for each node. Any help will greatly be appreciated.
Hostname: ISEPSN01
Subject: CN=ise.company.com,OU=X,O=XX,L=City,ST=MD,C=US
Key Length: 2048
Timestamp: Thu, 20 Sep 2018
Friendly Name: isepsn01#Multi-Use
Used for: Multi-Use
Subject Alternative Names: DNS:ise.company.com, DNS:isepsn01.company.com DNS:isepsn02.company.com DNS:isepsn03.company.com DNS:isepsn04.company.com DNS:isesponsor.company.com DNS:isemydevice.company.com
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 04:13 PM
This cert will be able to be installed on all of your nodes, no need for a CSR per node or a different cert per node.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 04:13 PM
This cert will be able to be installed on all of your nodes, no need for a CSR per node or a different cert per node.
