11-27-2023 03:00 PM
I am in the process of deploying two new ISE nodes for monitoring purposes only. I have created the system certificates to be signed externally, but an LLD I am working from states "Trusted Certs will be imported from the existing deployment as needed".
How is it best to ascertain which trusted certs from the PAN node require importing and what, if any, changes should be made to those trusted certs during the import?
Thanks for your help.
11-28-2023 05:33 AM
"for monitoring purposes only" - what do you mean? Wired monitor mode? Context visibility only? Something else?
You need to import whatever certificate chain is going to sign the CSR into the Trusted Certificates store. Once you join the new nodes to the PAN, the rest of the trusted certificates will copy.
11-28-2023 05:50 AM - edited 11-28-2023 05:51 AM
You cannot make changes to a trusted certificate other than the friendly name. Some of the certificates are pre-imported into the trusted certificate store on ISE; you just need to compare with the current deployment and import the rest.
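An added example, not part of any post above: one way to do the comparison described in the thread is to match certificates by SHA-256 fingerprint rather than by friendly name or file name, since those can differ between deployments. It assumes the trusted certificates from each deployment have been exported as PEM files into two directories; the directory names, file names and certificate bytes below are constructed placeholders.

```python
import hashlib
import re
import ssl
import tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S
)

def fingerprints(directory):
    """Map SHA-256 fingerprint -> file name for every PEM certificate in a directory."""
    found = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        # A single export file may hold a whole chain, so scan for every block.
        for block in PEM_RE.findall(path.read_text(errors="ignore")):
            der = ssl.PEM_cert_to_DER_cert(block)
            found.setdefault(hashlib.sha256(der).hexdigest(), path.name)
    return found

def missing_on_new(existing_dir, new_dir):
    """Files from the existing deployment whose certificate is absent on the new node."""
    existing = fingerprints(existing_dir)
    new = fingerprints(new_dir)
    return sorted(name for fp, name in existing.items() if fp not in new)

def demo():
    # Constructed placeholder bytes standing in for DER-encoded certificates.
    root, issuing, preloaded = b"constructed-root", b"constructed-issuing", b"constructed-preloaded"
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "existing_pan"), Path(tmp, "new_node")
        old.mkdir()
        new.mkdir()
        samples = [
            (old, "root.pem", root),
            (old, "issuing.pem", issuing),
            (old, "preloaded-a.pem", preloaded),
            # Same certificate under a different name on the new node.
            (new, "preloaded-b.pem", preloaded),
        ]
        for directory, name, der in samples:
            (directory / name).write_text(ssl.DER_cert_to_PEM_cert(der))
        return missing_on_new(old, new)

if __name__ == "__main__":
    print(demo())
```

The certificate that is already present on the new node under a different name is not reported, so only the two that still need importing are listed.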