Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
3
Replies

ISE Certificate

mandhir_mehta
Level 1
Level 1

‎05-16-2016 03:38 AM - edited ‎03-10-2019 11:46 PM

Hi Mate,

I am deploying new Cisco appliance 3495 with pre-installed image 2.0. I have run setup and configured with IP address and hostname (ISETEST) but later changed the hostname of the ISE. My query is regarding the pre-installed certificates.

Certificate Services Node CA - ISETEST#00002

Certificate Services OCSP Responder -ISETEST #00004

Certificate Services Endpoint Sub CA - ISETEST#00001

However after change in the hostname these certificates seems to be associated with old hostname. Do hostname change have any impact with respect to any component.

Quick response will be highly appreciated.

Regards,

Mandhir Mehta

Labels:
0 Helpful
3 Replies 3

nspasov
Cisco Employee
Cisco Employee

‎05-16-2016 11:25 PM

Hello Mandhir-

Are you using any of those certificates for anything in your ISE deployment? For instance:

- EAP based authentications

- Web Portals (Guest, Sponsor, Client Provisioning, etc)

If not, then I don't see how this would impact your deployment immediately. However, it is best practice to re-generate those certificates so they reflect the correct FQDN. Also, you should make sure that the following are also correct:

- DNS records to reflect the new FQDN

- AD computer objects reflect the new ISE names

I hope this helps!

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful

mandhir_mehta
Level 1
Level 1
In response to nspasov

‎05-17-2016 02:44 AM

Hi Neno,

Thanks for your response.

But these certificates were pre-installed in the ISE appliance and dont know from where to re-generate these certificates. Can you help with this, if anything information is required please let me know

  Yes, I am going to use below functionality in my deployment. 

- EAP based authentications

- Web Portals (Guest, Sponsor, Client Provisioning, etc)

Regards,

Mandhir Mehta

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to mandhir_mehta

‎05-18-2016 08:30 AM

To re-generate the certificates go to:

Administration > System > Certificates > System Certificates > Generate Self Signed Certificate

This process will generate you new certificates and will replace the existing ones. Please note that your nodes will reload during this process so you should plan this during a maintenance window.

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents