09-12-2016 05:21 AM - edited 03-11-2019 12:04 AM
Had to rebuild our ISE Primary and Secondary (HA) appliances due to hardware failure. At this time I upgraded the disk capacity with mirrored drives with HSP. In the rebuild I was unable to use my backup.
So my question is: must I generate a new Certificate Signing Request (CSR) to get my certs to bind properly?
Thanks,
Dave
Solved! Go to Solution.
09-12-2016 03:38 PM
Hi,
When you rebuild ISE server, it will bring self signed cert on it.
You can also join servers with self signed certs.
Make sure self signed of each other needs to be there in trusted store of ISE.
Also config backup doesn't contain system certificates.
Regards
Gagan
PS: rate if it helps!!!!
09-13-2016 12:18 AM
you normally have to export all certs before rebuilding (priv + pub keys for each cert)
if you dont have them you will have regenerate (csr) if you have an external PKI, or use self signed.
If you use self signed, other ISE nodes will have to trust the new certs.
09-12-2016 03:38 PM
Hi,
When you rebuild ISE server, it will bring self signed cert on it.
You can also join servers with self signed certs.
Make sure self signed of each other needs to be there in trusted store of ISE.
Also config backup doesn't contain system certificates.
Regards
Gagan
PS: rate if it helps!!!!
09-13-2016 12:18 AM
you normally have to export all certs before rebuilding (priv + pub keys for each cert)
if you dont have them you will have regenerate (csr) if you have an external PKI, or use self signed.
If you use self signed, other ISE nodes will have to trust the new certs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide