ISE Distributed Deployment Admin Certificate Renewal

cherie13653
Level 1

I have ISE deployment using a multi-use certificate for admin, portal, EAP, pxGrid, Radius DTLS. The deployment consists of approximately 20 ISE nodes.

I've generated the CSR on the primary PAN with the SANS section populated with the FQDN of the other nodes. I am planning on binding the new certificate to the CSR on the PAN and then exporting the new certificate and private key file from the PAN and importing it into the other nodes (via the GUI on the PAN).

I have a few concerns/questions:

1) When I bind the cert to the CSR, do I choose all the usage options of the old certificate (admin, portal, EAP, pxGrid, Radius DTLS)?

2) If I choose the admin option when I bind the certificate to the CSR will this break the communication between the primary PAN and the other devices?

3) I found one document that said do not choose the admin option when you bind the cert to the CSR. So at what point would I then edit the cert usage? Immediately after binding it to the CSR, or after I've imported the cert and key into all the other devices?

4) Will changing the admin cert cause an ISE application restart on every node?
