cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1740
Views
5
Helpful
5
Replies

ISE 2.6 Admin Cert Renewal

x00008037
Level 1
Level 1

Has anyone had experience with renewing their Admin Certificate on an ISE 2.6 distributed deployment ?

 

We currently have a 12 node deployment and the Admin Cert has just expired. We need to renew the Cert and was wondering about the impact of doing this? Will every node restart its services?

 

Also what procedure did you follow when you renewed the Certificate and generated the CSR? Did you generate a CSR for each node at a time and can all the details in the CSR be the same?

 

thanks

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

Depends on how many node deployment is this.

 

if 2 nodes you update on secondary node and promote to primary

then primary (become secondary, ) and update the cert other node.

 

So less impacts.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

We have twelve nodes and 4 Admin cert are about to expire.

 

I will be updating each nodes Admin Cert..

 

just unsure of the impact 

What services are configured?

you can do one at a time you should be good.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

1. Yes, the service will restart on each node once the certificate is
installed
2. You can generate the CSRs one time from the primary PAN for all nodes.
You can select this from the drop down
3. If you have redundant PANs, then you can start with any node and
failover will take care of availability. You can import the certs for all
nodes from primary PAN.

**** please remember to rate useful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: