Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
0
Helpful
2
Replies

ISE certificate renewal

Go to solution
zhilimailbox
Level 1
Level 1

‎01-20-2019 09:48 PM

I have a ISE  version : 1.2.1.198

1x primary PAN  and secondary MNT

1x secondary PAN and primary MNT

2 X PSN

 

I need to do ISE certificate renewal on the 4 nodes for HTTPS

 

I have done CSR binding/import the new certs into the 4 nodes without HTTPS enabled. My questions are

1. when I enable HTTPS, a service restart will happen. What happens after a service restart? Will the secondary PAN become the primary?

2. what is the best order to enable https on the 4 nodes, PAN -> MNT -> PSN? Do I need to wait until one comes back then do another one?

3. what is the service restart time?

Many thanks,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎01-20-2019 10:11 PM

Hello,

You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available. 

You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node. 

Hope this helps. 

Thanks,

Nidhi 

 

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎01-20-2019 10:11 PM

Hello,

You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available. 

You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node. 

Hope this helps. 

Thanks,

Nidhi 

 

 

0 Helpful

Go to solution
zhilimailbox
Level 1
Level 1
In response to Nidhi

‎01-21-2019 01:10 AM

Many thanks, Nidhi!

Just wondering, how long a service restart would take so that I know what to expect?

0 Helpful
Customers Also Viewed These Support Documents