04-16-2020 03:26 AM
Hello
So on our Guest Protal we are runing a Cert, and we just updated it.
If you go to Administration -> Certificates -> System Certificets and see it there.
But if you as a guest client access our portal you will see the old Certificet
i have rebooted the servers.
any ides?
Solved! Go to Solution.
05-27-2020 03:31 PM
Do you have a load balancer sitting in front of the PSNs? The only time I've seen this same scenario in the past is when a customer had a load balancer that was breaking the SSL and replacing the cert before sending it to the client.
If there's no load balancer, please provide more information about your environment such as number of PSNs, patch level, etc.
Confirm that all PSNs are showing syncronised on the Administration > System > Deployment page.
Did you use the "Portal test URL" option suggested by @Anurag Sharma to confirm which certificate is presented?
04-16-2020 08:07 AM
When you added the new certificate, did you assign the proper certificate portal group tag to it? You can also double check your Guest portal configuration to ensure it is still configured to use the correct portal group tag.
04-16-2020 11:15 AM
Hi @Niklas.D ,
Can you please double check the tag on the new certificate (as @Colby LeMaire mentioned) ?
Can you please do a Test Portal URL and check which certificate it's showing?
How many nodes do you have and on which patch on 2.6?
05-26-2020 11:50 PM
Sorry for the late replay as Corona hit the need to drive this case was dimnish, yes i have assaigned the correct tag on it.
Guest Portal, and also the Portal has the same selected.
05-27-2020 03:31 PM
Do you have a load balancer sitting in front of the PSNs? The only time I've seen this same scenario in the past is when a customer had a load balancer that was breaking the SSL and replacing the cert before sending it to the client.
If there's no load balancer, please provide more information about your environment such as number of PSNs, patch level, etc.
Confirm that all PSNs are showing syncronised on the Administration > System > Deployment page.
Did you use the "Portal test URL" option suggested by @Anurag Sharma to confirm which certificate is presented?
06-26-2020 01:54 AM
There was a Citrix loadbalancer,
and the system hade not syncronised !
thank you for the help!
05-27-2020 06:19 PM
For the PSN that is presenting the guest portal, if you go to System Certificates page, for this specific PSN does it show the correct certificate and is it assigned the correct tag? Could you have updated the certificate on the admin node, but not on the psn node that is presenting the portal? I would suggest as a test to re-add the certificate again.
Recently, on ISE 2.6 I updated a public wildcard certificate used for guest and admin portals, and it showed all nodes with the new cert, but one of my psn's that had the guest portal was still presenting the old certificate. I can't remember exactly what I did, but it might have been the application restart on this psn was taking a long time due to the same cert being used by the admin portal.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide