
ISE Certificate Lost on Upgrade

James Davies
Level 1

I tried to upgrade a secondary node from 1.1.1 to 1.2 and it failed, so I wiped the ISE application data and rejoined it to my deployment so everything was back the way it was. Unfortunately I didn't have a copy of the signed cert used for EAP on Node 2.

I managed to get hold of the cert that was issued from the Root issuer, but how can I import this onto the secondary unit? All the documentation refers to adding certs to the primary. I don't need to do that, the primary is fine.

Any suggestions?

1 Reply

Joseph Johnson
Level 1

Was it a wildcard or server specific certificate? In order to import the certificate, one of the following must be true:

  1. A CSR (certificate signing request) must exist on the server for the certificate.
  2. You must have the private key that corresponds to the certificate.

If it is a wildcard, you can export the cert and private key from another node and import it to the node you had to reload.

If it is a server specific certificate and you don't have a copy of the private key, you will need to request a new certificate as you won't be able to import the certificate.

That's probably not the answer you were hoping for. For future upgrades, be sure to obtain a backup of the certificate and private key (not just the certificate) from each node before you begin. It will save you from this kind of situation.
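
The import condition in the reply above comes down to whether a certificate, a private key and a CSR all carry the same public key. The script below is an added example, not part of the original thread or any Cisco tooling, and checks exported PEM files with OpenSSL. The file names, the CN and the `KEY_PASS` variable are assumptions, and the sample material is generated on the spot.

```shell
#!/usr/bin/env bash
# Added example: check that a certificate, private key and CSR share one public key.
# File names, the CN and KEY_PASS are constructed placeholders, not values from the thread.

# pubkey_fp cert|key|csr FILE -> SHA-256 of the DER-encoded public key; non-zero on failure
pubkey_fp() {
  local pem
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    key)  pem=$(openssl pkey -in "$2" -pubout -passin "pass:${KEY_PASS:-}" 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
}

# same_pubkey TYPE_A FILE_A TYPE_B FILE_B -> 0 only if both files parse and the keys are identical
same_pubkey() {
  local a b
  a=$(pubkey_fp "$1" "$2") || return 1
  b=$(pubkey_fp "$3" "$4") || return 1
  [ "$a" = "$b" ]
}

# make_sample DIR: constructed material (two unrelated keys, one CSR, one self-signed cert)
make_sample() {
  openssl genrsa -out "$1/node.key" 2048 2>/dev/null &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/node.key" -subj "/CN=ise-node2.example.test" \
    -out "$1/node.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/node.csr" -signkey "$1/node.key" -days 1 \
    -out "$1/node.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_sample "$tmp" || { echo "sample generation failed" >&2; exit 1; }
for k in node.key other.key; do
  if same_pubkey cert "$tmp/node.crt" key "$tmp/$k"; then
    echo "$k: matches node.crt, so this pair is a usable backup"
  else
    echo "$k: does NOT match node.crt, the certificate cannot be imported with it"
  fi
done
same_pubkey cert "$tmp/node.crt" csr "$tmp/node.csr" && echo "node.csr: matches node.crt"
rm -rf "$tmp"
```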