05-19-2022 01:16 AM - edited 05-19-2022 01:17 AM
Hi,
I need to renew Admin / EAP / PxGRid certificates on my ISE deployment (2 PAN / 2PSN), that would expire at the same date
I've been throught this article
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html#anc9
I understand that I can pre-install the new Certificates before the expiration.(status will be Not In Use)
To activate the new ones, does it mean we have to:
- few days before expiration, Edit the new cert, tick the corresponding Usage
- Apply
- Restart Services (if Admin)
Is there an order to follow?
I would start with the EAP certs since there will be no service restart then Admin certs.
Then what about the Admin cert?
- Should we do first the Primary PAN / Secondary PAN or PSN?
All certs are signed by an internal CA
Thanks
Solved! Go to Solution.
05-20-2022 07:33 AM
Your plan should work fine, just be mindful of the service restart for the admin certificate.
05-19-2022 05:53 AM
Are you planning on using separate certificates for EAP and admin now? I would personally activate both roles during the same maintenance window but it really shouldn't matter the order here. Just keep in mind the service restarts.
05-20-2022 06:35 AM
Hi,
No Admin, EAP and PxGrid certificates are all different
05-20-2022 07:33 AM
Your plan should work fine, just be mindful of the service restart for the admin certificate.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: