ISE reset-config system certificates

axeleratorcisco
Level 1

I just tried a "reset-config" on an ISE 3615 physical server, to change the default domain name. It is a standalone node ready to be tested, so no impact on any services.

It promises me the following:

isedemo/admin# reset-config
% WARNING: This option will allow you to reset all networking settings, hostname,
% domain name, NTP servers and the timezone. Updating the hostname will cause
% any certificate using the old hostname to become invalid. A new self-signed
% certificate using the new hostname will be generated now for use with HTTPS/
% EAP. If CA-signed certs were used on this node, please import the new ones
% with the correct hostname. In addition, if the node is part of an AD domain,
% please delete any AD memberships before proceeding.
%

I see that the domain name is changed, but I still see the System Certificates with the previous domain name. How is this possible? As I read it, the command will change this as well.

How would I do it by hand?

2 Replies

axeleratorcisco
Level 1

EDIT: I do see the Default Self Signed Server Certificate changed to the new domain name.

However, SAML, ISE Messaging Services and PxGrid are still attached to the old domain name. How do I change this by hand?

Greg Gibbs
Cisco Employee

If you just want to replace the existing certs with new self-signed certificates with the new FQDN, you would need to generate new self-signed certificates for those functions.

See the Admin Guide for info on generating self-signed certificates.