03-14-2023 07:36 AM
I just tried a "reset-config" on a ISE 3615 physical server, to change the default domain name. It is a standalone node ready to be tested, so no impact on any services.
It promises me the following:
isedemo/admin# reset-config
% WARNING: This option will allow you to reset all networking settings, hostname,
% domain name, NTP servers and the timezone. Updating the hostname will cause
% any certificate using the old hostname to become invalid. A new self-signed
% certificate using the new hostname will be generated now for use with HTTPS/
% EAP. If CA-signed certs were used on this node, please import the new ones
% with the correct hostname. In addition, if the node is part of an AD domain,
% please delete any AD memberships before proceeding.
%
I see that the domain name is changed, but I still see the System Certificates with the previous domain name. How is this possible, as I read it the command will change this as well.
How would I do it by hand?
03-14-2023 07:39 AM
EDIT: i do see the Default Self Signed Server Certificate changed to the new domain name.
However, SAML, ISE Messaging Services and PxGrid are still attached to the old domain name. How do I change this by hand?
03-14-2023 02:47 PM
If you just want to replace the existing certs with new self-signed certificates with the new FQDN, you would need to generate new self-signed certificates for those functions.
See the Admin Guide for info on generating self-signed certificates.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide