We need to renew our internal root certificate. When I try to import the new root certificate, it gives an alert:
“A certificate with the same private key has already been imported. In some situations, it may be necessary to import a duplicate certificate in ISE, for example, when a certificate is renewed in Microsoft CA Services without replacing the private key. If you proceed, the existing certificate will be replaced. Do you wish to replace the existing certificate?”
If it replaces the old root certificate with the new one, do we need to renew the certificates that are installed on the nodes and used for EAP, admin, portal, etc.?
If you renewed the CA certificate without changing the private key, the certificates signed by the previous CA will still trust the new Root CA cert. The serial number of the Root cert will change, but if you look at the identity certificates, they should still show that 'Certificate status is good'.
As long as the private key has not changed, it should not affect the certificate trust. However, if your identity certificates are also using SHA1, you should also replace them with new SHA256 certificates to increase the level of security.
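The key-continuity point in the answer above can be checked with OpenSSL before a renewed root is imported. The script below is an added example, not part of the original thread: it builds a throwaway lab in which every key, subject name and serial is constructed, and it adds a re-keyed root for contrast.

```shell
#!/bin/sh
# Constructed lab: every key, name and certificate here is generated locally.
set -u
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Minimal config so the example does not depend on a system openssl.cnf.
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

new_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }

# make_root KEY OUT SERIAL: self-signed root with a fixed subject name.
make_root() {
  openssl req -x509 -new -key "$1" -subj "/CN=Constructed Lab Root" -days 30 \
    -set_serial "$3" -config "$work/ca.cnf" -extensions v3_ca -out "$2" 2>/dev/null
}

# SHA-256 of the certificate's public key; equal hashes mean the same key pair.
spki_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# trusts ROOT CERT: succeeds if CERT validates with ROOT as the only trust anchor.
trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

new_key "$work/root.key"; new_key "$work/other.key"; new_key "$work/leaf.key"
make_root "$work/root.key"  "$work/root_old.pem"     1   # original root
make_root "$work/root.key"  "$work/root_renewed.pem" 2   # renewed, same key
make_root "$work/other.key" "$work/root_rekeyed.pem" 3   # renewed, new key

# Identity certificate issued under the ORIGINAL root.
openssl req -new -key "$work/leaf.key" -subj "/CN=ise-node.lab.example" \
  -config "$work/ca.cnf" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/root_old.pem" \
  -CAkey "$work/root.key" -set_serial 100 -days 30 -out "$work/leaf.pem" 2>/dev/null

[ "$(spki_hash "$work/root_old.pem")" = "$(spki_hash "$work/root_renewed.pem")" ] \
  && echo "old and renewed root share a public key"
trusts "$work/root_renewed.pem" "$work/leaf.pem" && echo "leaf validates under renewed root"
trusts "$work/root_rekeyed.pem" "$work/leaf.pem" || echo "leaf fails under re-keyed root"
```

Against real exports, running `spki_hash` on the old and the renewed root certificate files gives the same comparison without generating anything.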