I have a ISE version : 22.214.171.124
1x primary PAN and secondary MNT
1x secondary PAN and primary MNT
2 X PSN
I need to do ISE certificate renewal on the 4 nodes for HTTPS
I have done CSR binding/import the new certs into the 4 nodes without HTTPS enabled. My questions are
1. when I enable HTTPS, a service restart will happen. What happens after a service restart? Will the secondary PAN become the primary?
2. what is the best order to enable https on the 4 nodes, PAN -> MNT -> PSN? Do I need to wait until one comes back then do another one?
3. what is the service restart time?
Go to Solution.
You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available.
You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node.
Hope this helps.
View solution in original post
Many thanks, Nidhi!
Just wondering, how long a service restart would take so that I know what to expect?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: