Cisco Community
English
Register
ANNOUNCEMENT - Upcoming Changes in the email address of Community email notifications - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

273
Views
5
Helpful
5
Replies
Highlighted
x00008037
Beginner
Beginner
‎05-18-2020 09:23 PM
‎05-18-2020 09:23 PM

ISE 2.6 Admin Cert Renewal

Has anyone had experience with renewing their Admin Certificate on an ISE 2.6 distributed deployment ?

 

We currently have a 12 node deployment and the Admin Cert has just expired. We need to renew the Cert and was wondering about the impact of doing this? Will every node restart its services?

 

Also what procedure did you follow when you renewed the Certificate and generated the CSR? Did you generate a CSR for each node at a time and can all the details in the CSR be the same?

 

thanks

Everyone's tags (5)
0 Helpful
Reply
5 REPLIES 5
Highlighted
balaji.bandi
VIP Mentor VIP Mentor
VIP Mentor
‎05-18-2020 11:57 PM
‎05-18-2020 11:57 PM

Re: ISE 2.6 Admin Cert Renewal

Depends on how many node deployment is this.

 

if 2 nodes you update on secondary node and promote to primary

then primary (become secondary, ) and update the cert other node.

 

So less impacts.

 

BB
*** Rate All Helpful Responses ***
0 Helpful
Reply
Highlighted
x00008037
Beginner
Beginner
‎05-19-2020 12:13 AM
‎05-19-2020 12:13 AM

Re: ISE 2.6 Admin Cert Renewal

We have twelve nodes and 4 Admin cert are about to expire.

 

I will be updating each nodes Admin Cert..

 

just unsure of the impact 

0 Helpful
Reply
Highlighted
Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
‎05-19-2020 04:22 AM
‎05-19-2020 04:22 AM

Re: ISE 2.6 Admin Cert Renewal

What services are configured?
0 Helpful
Reply
Highlighted
balaji.bandi
VIP Mentor VIP Mentor
VIP Mentor
‎05-19-2020 04:32 PM
‎05-19-2020 04:32 PM

Re: ISE 2.6 Admin Cert Renewal

you can do one at a time you should be good.

BB
*** Rate All Helpful Responses ***
0 Helpful
Reply
Highlighted
Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
‎05-19-2020 03:33 AM
‎05-19-2020 03:33 AM

Re: ISE 2.6 Admin Cert Renewal

Hi,

1. Yes, the service will restart on each node once the certificate is
installed
2. You can generate the CSRs one time from the primary PAN for all nodes.
You can select this from the drop down
3. If you have redundant PANs, then you can start with any node and
failover will take care of availability. You can import the certs for all
nodes from primary PAN.

**** please remember to rate useful posts
Reply
Latest Contents
What information is shared when I log into SecureX with Micr...
Created by diddly on 07-03-2020 04:05 PM
0
0
0
0
Question When I log into SecureX, I'm given an option to Sign in with MIcrosoft. What information is shared from my profile with Cisco? Answer 1. If you signed in with your work email, the information shared from your profile is controlled by your or... view more
Using Stealthwatch to Monitor IOT devices for exploitation, ...
Created by pejohns2 on 07-02-2020 09:08 AM
0
0
0
0
Stealthwatch Enterprise can be leveraged to monitor vulnerable devices, and alert on potential exploitation by bad actors looking to exploit Ripple20 and other potential vulnerabilities. Note that the concepts and procedures outlined here can be used for... view more
Using Stealthwatch to monitor and alert on suspicious/out-of...
Created by pejohns2 on 07-02-2020 06:23 AM
0
0
0
0
The following is useful to those entities interested in monitoring appropriate usage of Cisco WebEx resources within their environments, as well as those interested in tracking additional metrics around usage of the WebEx service. The relevant supporting... view more
Activated the SecureX ribbon with the wrong account in AMP, ...
Created by diddly on 07-01-2020 05:15 PM
0
0
0
0
Question I'm using AMP, and when I activated the SecureX Ribbon, I mistakenly used the wrong account to connect to SecureX. Now my SecureX Ribbon is connected to the wrong account. How do I fix it? Answer You can clear the SecureX Authorizatio... view more
Activated the SecureX ribbon with the wrong login account in...
Created by diddly on 07-01-2020 11:00 AM
0
0
0
0
Question I'm using Umbrella, and when I activated the Ribbon, I mistakenly used the wrong account to connect to SecureX. Now my SecureX Ribbon is connected to the wrong account. How do I fix it? Answer You can clear the SecureX Authorization for t... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels