12-13-2023 11:42 AM
I have ISE deployment using a multi-use certificate for admin, portal, EAP, pxGrid, Radius DTLS. The deployment consists of approximately 20 ISE nodes.
I've generated the CSR on the pimary PAN with the SANS section populated with the FQDN of the other nodes. I am planning on binding the new certificate to the CSR on the PAN and then exporting the new certificate and private key file from the PAN and importing it into the other nodes (via the GUI on the PAN).
I have a few concerns/questions:
1) When I bind the cert to the CSR, do I choose all the usage options of the old certificate (admin, portal, EAP, pxGrid, Radius DTLS)?
2) If I choose the admin option when I bind the certificate to the CSR will this break the communication between the primary PAN and the other devices?
3) I found one document that said do not choose the admin option when you bind the cert to the CSR. So at what point would I then edit the cert usage? immediately after binding it to CSR or after I've imported the cert and key into all the other devices?
4) Will the changing the admin cert cause and ISE application restart on every node?
Solved! Go to Solution.
12-13-2023 02:04 PM
check below guide for renew certs :
12-13-2023 02:04 PM
check below guide for renew certs :
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide