Beginner

ISE 2.6 Admin Cert Renewal

Has anyone had experience with renewing their Admin Certificate on an ISE 2.6 distributed deployment?

We currently have a 12 node deployment and the Admin Cert has just expired. We need to renew the Cert and were wondering about the impact of doing this. Will every node restart its services?

Also, what procedure did you follow when you renewed the Certificate and generated the CSR? Did you generate a CSR for each node one at a time, and can all the details in the CSR be the same?

Thanks

VIP Mentor

Re: ISE 2.6 Admin Cert Renewal

It depends on how many nodes are in this deployment.

If 2 nodes, you update the secondary node and promote it to primary, then the primary (which becomes secondary), and update the cert on the other node.

So less impact.

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: ISE 2.6 Admin Cert Renewal

We have twelve nodes and 4 Admin certs are about to expire.

I will be updating each node's Admin Cert.

Just unsure of the impact.

VIP Advisor

Re: ISE 2.6 Admin Cert Renewal

What services are configured?
VIP Mentor

Re: ISE 2.6 Admin Cert Renewal

You can do one at a time; you should be good.

BB
*** Rate All Helpful Responses ***
VIP Advisor

Re: ISE 2.6 Admin Cert Renewal

Hi,

1. Yes, the service will restart on each node once the certificate is installed.
2. You can generate the CSRs one time from the primary PAN for all nodes. You can select this from the drop-down.
3. If you have redundant PANs, then you can start with any node and failover will take care of availability. You can import the certs for all nodes from the primary PAN.

**** please remember to rate useful posts