Need help with CN name not updated in Internal CA Certs issue.
I have freshly installed Cisco ISE on 3615 hardware.
No configuration is present on the box and I changed serial number of ISE and restarted the services.
Updated serial number is visible everywhere but not updated in Internal CA certs.
I will be using ISE for Guest Access and TACACS and 3rd part CA will be used for signing the certs.
Will this issue affect any of the services and how can this be resolved.
Thanks in advance.
Go to Solution.
The serial number(s) in your internal CA certificates is completely independent of the serial number(s) of certificates generated by an external CA.
View solution in original post
Thanks for the reply. But I want to confirm regarding the hostname.
Eg: My hostname earlier was 'ABCISE01' but when I changed to 'PQRISE01' still in it's internal CA cert it is showing as 'ABCISE01'.
Any idea on how can I update the same.
You mean to say Subject Name, and not Serial Number (because you can't change the ISE serial number ;-)
You have to generate a self signing request on your renamed ISE node and then your internal CA will be alright.
Administration > Certificates > Certificate Signing Requests
Click on Generate CRS - then select "ISE Root CA"
this is not disruptive. It will regenerate the internal CA Root, Node, and Issuing CA certs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: