07-15-2025 04:48 AM
I am setting up a number of servers as pxGrid clients and I have a couple of questions about what's possible and what's best practice.
1. Is it possible to generate a client/server certificate using a private key generated locally on the server?
2. All the documentation I've seen up till now describes renewing the client/server certificate from the GUI. Are there any facilities for automating this?
Thanks
07-15-2025 03:08 PM
1. If you're talking about a private key generated on an external server, then yes. You can generate a private key and CSR on an external server, have it signed by your CA (using a template with both the Client and Server Auth EKUs), then import the key and signed certificate into ISE for the pxGrid usage.
On ISE directly, you can only generate the CSR (which generates the private key stored internally). Only after binding the signed certificate to the CSR in ISE are you able to export the private key (with the certificate).
2. Yes, there are APIs and IaC tools (Ansible, Terraform) for performing the same Certificate operations as in the GUI.
https://developer.cisco.com/docs/identity-services-engine/latest/certificate-openapi/
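The external-server path from point 1, as an added example that is not part of the original reply: it generates the key and CSR locally, then checks that a certificate carries both EKUs and matches the local key before it is imported into ISE. It assumes OpenSSL 1.1.1 or later; the hostname, file names and function names are hypothetical.

```shell
#!/bin/sh
# Added example. CN is a constructed placeholder, not a value from the thread.
CN="pxgrid-client01.example.test"

# Create the private key and a CSR requesting both EKUs inside directory $1.
# The key is written with owner-only permissions and stays on this host.
make_csr() {
    dir="$1"
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/pxgrid.key" -out "$dir/pxgrid.csr" \
            -subj "/CN=$CN" \
            -addext "subjectAltName=DNS:$CN" \
            -addext "extendedKeyUsage=serverAuth,clientAuth" 2>/dev/null
    )
}

# Succeeds only if an OpenSSL text dump lists both Server and Client Auth.
has_both_ekus() {
    printf '%s\n' "$1" | grep -q "TLS Web Server Authentication" &&
    printf '%s\n' "$1" | grep -q "TLS Web Client Authentication"
}

# Check the CSR before submitting it to the CA.
check_csr() {
    has_both_ekus "$(openssl req -in "$1" -noout -text)"
}

# Check the signed certificate: the CA template, not the CSR, has the
# final say on which EKUs end up in the issued certificate.
check_cert() {
    has_both_ekus "$(openssl x509 -in "$1" -noout -text)"
}

# Confirm the certificate was issued for this key (args: key file, cert file)
# by comparing digests of the two public keys.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}
```

Call `make_csr <dir>` and `check_csr <dir>/pxgrid.csr` before submitting to the CA, then `check_cert` and `key_matches_cert` on the returned certificate before importing the pair.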
07-15-2025 03:57 PM
Thanks, that's clear.