08-21-2018 11:26 PM - edited 03-11-2019 01:48 AM
Hi all
I tried to use ISE to generate a CSR for a customer to renew their public signed certificate. When I chose the all-nodes checkbox, it generated a CSR for each node, so when I downloaded it I saw multiple CSRs. Is that correct?
Subject field
• CN=ise.abcde.com
• OU=IT
• O=ABCDE
• L=Hong Kong
• C=HK
Subject Alternative Name (SAN) field
• DNS Name: ise.abcde.com
• DNS Name: ise01.abcde.com
• DNS Name: ise02.abcde.com
• DNS Name: ise03.abcde.com
Signature Algorithm
• SHA256
Key Length
• 2048
08-23-2018 01:07 AM
Hi
I recently did a similar CSR for a 5-node 2.3 deployment - when you choose "all nodes", a CSR is created for all nodes.
As my CSR was for a single certificate for all 5 nodes (cn=radius.example.com with the 5 nodes' hostnames as SANs), I submitted 1 of these CSRs to be signed. When I got the signed certificate back, I imported it and bound it to the ISE node the CSR came from.
I then exported this certificate/key and imported it onto the other ISE nodes.
Cheers
Andy
08-28-2018 10:06 AM - edited 08-28-2018 10:24 AM
Hi Andy,
Thanks for the information; it seems the rest of the CSRs are not necessary, from your experience.
Did you also renew an existing public certificate?
08-28-2018 02:10 PM
Hi
Originally, the ISE nodes each had a separate certificate with a unique cn, e.g. ise-psn.example.com, which was used for EAP/admin. The new single certificate with cn=radius.example.com (with all the ISE nodes' hostnames as SANs) replaced all the old certificates, so it wasn't technically a certificate renewal.
Cheers
Andy
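When only one of the per-node CSRs is sent for signing as a single multi-SAN certificate, as described in the thread, that one CSR can be checked against the intended CN, SAN list, key length and hash before it goes to the CA. This is an added example, not part of the original posts and not Cisco's tooling: the function names are hypothetical, the sample CSR is constructed locally with OpenSSL (1.1.1 or later, for `-addext`) rather than exported from ISE, and the field values are the ones listed in the question.

```shell
#!/bin/sh
# Added example: verify one CSR before submitting it for a multi-SAN certificate.
SANS="ise.abcde.com ise01.abcde.com ise02.abcde.com ise03.abcde.com"

# make_sample_csr OUT "san1 san2 ..."  (constructed stand-in for an ISE export)
make_sample_csr() {
  san_ext=""
  for h in $2; do san_ext="${san_ext:+$san_ext,}DNS:$h"; done
  openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout /dev/null \
    -subj "/C=HK/L=Hong Kong/O=ABCDE/OU=IT/CN=ise.abcde.com" \
    -addext "subjectAltName=$san_ext" -out "$1" 2>/dev/null
}

# check_csr FILE CN "san1 san2 ..."
# Prints one line per problem; returns 0 only if every check passes.
check_csr() {
  rc=0
  text="$(openssl req -in "$1" -noout -text 2>/dev/null)" \
    || { echo "BAD unreadable CSR"; return 2; }
  subject="$(openssl req -in "$1" -noout -subject -nameopt RFC2253 \
    | sed 's/^subject= *//')"
  # Wrap in commas so CN= is matched as a whole RDN, wherever it appears.
  case ",$subject," in
    *",CN=$2,"*) ;;
    *) echo "BAD CN (want $2)"; rc=1 ;;
  esac
  # The SAN list is printed on the line after its extension header.
  found="$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' \
    | tail -n 1 | tr -d ' ' | tr ',' '\n')"
  for san in $3; do
    # -x: whole-entry match, so ise.abcde.com cannot match a longer name.
    printf '%s\n' "$found" | grep -qxF "DNS:$san" \
      || { echo "MISSING SAN $san"; rc=1; }
  done
  printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)' \
    || { echo "BAD key length (want 2048)"; rc=1; }
  printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256' \
    || { echo "BAD signature hash (want SHA256)"; rc=1; }
  return $rc
}

tmp="$(mktemp -d)"
make_sample_csr "$tmp/node.csr" "$SANS"
check_csr "$tmp/node.csr" ise.abcde.com "$SANS" && echo "CSR OK"
```

To check a CSR downloaded from ISE, call `check_csr` on that PEM file instead of the constructed sample.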