cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

721
Views
5
Helpful
5
Replies
Highlighted
Beginner

ISE 2.6 Admin Cert Renewal

Has anyone had experience with renewing their Admin Certificate on an ISE 2.6 distributed deployment ?

 

We currently have a 12 node deployment and the Admin Cert has just expired. We need to renew the Cert and was wondering about the impact of doing this? Will every node restart its services?

 

Also what procedure did you follow when you renewed the Certificate and generated the CSR? Did you generate a CSR for each node at a time and can all the details in the CSR be the same?

 

thanks

5 REPLIES 5
Highlighted
VIP Expert

Depends on how many node deployment is this.

 

if 2 nodes you update on secondary node and promote to primary

then primary (become secondary, ) and update the cert other node.

 

So less impacts.

 



BB


*** Rate All Helpful Responses ***

Highlighted

We have twelve nodes and 4 Admin cert are about to expire.

 

I will be updating each nodes Admin Cert..

 

just unsure of the impact 

Highlighted

What services are configured?
Highlighted

you can do one at a time you should be good.



BB


*** Rate All Helpful Responses ***

Highlighted
VIP Advisor

Hi,

1. Yes, the service will restart on each node once the certificate is
installed
2. You can generate the CSRs one time from the primary PAN for all nodes.
You can select this from the drop down
3. If you have redundant PANs, then you can start with any node and
failover will take care of availability. You can import the certs for all
nodes from primary PAN.

**** please remember to rate useful posts
Content for Community-Ad