
ISE Rebuild - Cert Question

dmooregfb
Level 5

Had to rebuild our ISE Primary and Secondary (HA) appliances due to hardware failure. At this time I upgraded the disk capacity with mirrored drives with HSP. In the rebuild I was unable to use my backup.

So my question is: must I generate a new Certificate Signing Request (CSR) to get my certs to bind properly?

Thanks,

Dave

2 Accepted Solutions

Gagandeep Singh
Cisco Employee

Hi,

When you rebuild an ISE server, it will come up with a self-signed cert on it.

You can also join servers with self-signed certs.

Make sure the self-signed cert of each node is in the trusted store of the other ISE node.

Also, the config backup doesn't contain system certificates.

Regards

Gagan

PS: rate if it helps!!!!


egodalisse
Level 1

You normally have to export all certs before rebuilding (priv + pub keys for each cert).

If you don't have them, you will have to regenerate (CSR) if you have an external PKI, or use self-signed.

If you use self-signed, other ISE nodes will have to trust the new certs.

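
Both answers turn on the same point: a CA-issued certificate can only be bound where the private key behind its CSR still exists. The script below is an added example, not part of any post in this thread. It uses the openssl CLI on a workstation (not ISE itself) to check whether a saved certificate matches a given private key or CSR. The file names, the `ise01.example.test` subject and the self-signed stand-in for CA issuance are constructed for the demo.

```shell
#!/bin/sh
# Added example. All names and files below are constructed for the demo.

# SHA-256 fingerprint of the public key inside a private key, CSR or cert.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the cert carries the same public key as the key or CSR.
cert_matches() {  # usage: cert_matches CERT key|csr FILE
    a=$(pubkey_fp cert "$1") || return 1
    b=$(pubkey_fp "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Generate a key and CSR the way a node would (constructed subject name).
new_key_and_csr() {  # usage: new_key_and_csr BASENAME
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=ise01.example.test" 2>/dev/null
}

d=$(mktemp -d)
new_key_and_csr "$d/before"   # key pair that existed before the rebuild
new_key_and_csr "$d/after"    # key pair created on the rebuilt node
# Stand-in for CA issuance: sign the pre-rebuild CSR (self-signed here).
openssl x509 -req -in "$d/before.csr" -signkey "$d/before.key" \
    -days 1 -out "$d/before.crt" 2>/dev/null

for pair in "key before" "csr before" "key after" "csr after"; do
    set -- $pair
    if cert_matches "$d/before.crt" "$1" "$d/$2.$1"; then
        echo "before.crt vs $2.$1: match, can be bound"
    else
        echo "before.crt vs $2.$1: mismatch, needs a new CSR and cert"
    fi
done
```

A certificate issued against the pre-rebuild CSR matches only the pre-rebuild key, which is why a node rebuilt without its exported private key needs a fresh CSR.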