01-20-2019 09:48 PM
I have a ISE version : 1.2.1.198
1x primary PAN and secondary MNT
1x secondary PAN and primary MNT
2 X PSN
I need to do ISE certificate renewal on the 4 nodes for HTTPS
I have done CSR binding/import the new certs into the 4 nodes without HTTPS enabled. My questions are
1. when I enable HTTPS, a service restart will happen. What happens after a service restart? Will the secondary PAN become the primary?
2. what is the best order to enable https on the 4 nodes, PAN -> MNT -> PSN? Do I need to wait until one comes back then do another one?
3. what is the service restart time?
Many thanks,
Solved! Go to Solution.
01-20-2019 10:11 PM
Hello,
You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available.
You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node.
Hope this helps.
Thanks,
Nidhi
01-20-2019 10:11 PM
Hello,
You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available.
You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node.
Hope this helps.
Thanks,
Nidhi
01-21-2019 01:10 AM
Many thanks, Nidhi!
Just wondering, how long a service restart would take so that I know what to expect?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: