cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
320
Views
0
Helpful
2
Replies

ISE certificate renewal

zhilimailbox
Beginner
Beginner

I have a ISE  version : 1.2.1.198

1x primary PAN  and secondary MNT

1x secondary PAN and primary MNT

2 X PSN

 

I need to do ISE certificate renewal on the 4 nodes for HTTPS

 

I have done CSR binding/import the new certs into the 4 nodes without HTTPS enabled. My questions are

1. when I enable HTTPS, a service restart will happen. What happens after a service restart? Will the secondary PAN become the primary?

2. what is the best order to enable https on the 4 nodes, PAN -> MNT -> PSN? Do I need to wait until one comes back then do another one?

3. what is the service restart time?

Many thanks,

1 Accepted Solution

Accepted Solutions

Nidhi
Cisco Employee
Cisco Employee

Hello,

You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available. 

You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node. 

Hope this helps. 

Thanks,

Nidhi 

 

 

View solution in original post

2 Replies 2

Nidhi
Cisco Employee
Cisco Employee

Hello,

You should start the certificate renewal with 1 of the PSNs first so that your other PSN is available. 

You should then renew the secondary node , wait for it to come back. promote it to primary and then renew the Primary node. 

Hope this helps. 

Thanks,

Nidhi 

 

 

Many thanks, Nidhi!

Just wondering, how long a service restart would take so that I know what to expect?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers