ISE system certificates renewal

Da ICS16
Level 1

Dear Cisco community,

We are planning to renew the ISE "System Certificates".

There are 3 nodes in the deployment (PAN, 2nd node, pxGrid node).

Could you share the process to renew them?

Remark:

- ISE "Trusted Certificates" are not expired.

- ISE is integrated with AD

Thanks,

3 Replies

ammahend
VIP Alumni

Call TAC and get their help if you have never done it before.

Basically you have 2 ways, and it depends on how you issue certs: some people do it individually per node, some people do a single cert with multiple SANs (subject alternative names), which is more common for small deployments.

Basically you will generate a new CSR, add SAN fields with the FQDN of each node (up to 5 allowed per cert), export the CSR, get it signed by the same CA for which you have a trusted certificate, bind the signed certificate with the CSR, then export the certificate with its private key and import it on the rest of the nodes one by one.

more details here

-hope this helps-
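A pre-bind check for the single multi-SAN certificate workflow described in the reply above, as an added example that is not part of the original thread: it confirms the signed certificate lists every node FQDN, carries the same public key as the CSR, and has enough validity left. The hostnames, file names and function names are constructed placeholders, OpenSSL 1.1.1 or later is assumed, and a self-signed certificate stands in for the CA-signed one.

```shell
# Pre-bind checks for a signed multi-SAN ISE system certificate (constructed names).

# cert_covers CERT FQDN...: succeed only if every FQDN is a DNS SAN in CERT.
# Exact match only; wildcard SANs are deliberately not expanded.
cert_covers() {
    cert=$1; shift
    sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
           tr ',' '\n' | sed -n 's/^ *DNS://p')
    for fqdn in "$@"; do
        printf '%s\n' "$sans" | grep -qixF "$fqdn" ||
            { echo "missing SAN: $fqdn" >&2; return 1; }
    done
}

# cert_matches_csr CERT CSR: the certificate carries the public key from this
# CSR; a certificate issued for a different key cannot be bound to the request.
cert_matches_csr() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# valid_for_days CERT DAYS: certificate does not expire within DAYS days.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# make_demo DIR: constructed CSR plus a self-signed cert standing in for the
# CA-signed one (in a real renewal the CSR comes from ISE and the CA signs it).
make_demo() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
req_extensions = san
[dn]
CN = ise.example.test
[san]
subjectAltName = DNS:ise-pan.example.test,DNS:ise-psn.example.test,DNS:ise-pxgrid.example.test
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/ise.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/ise.csr" -signkey "$1/key.pem" -days 365 \
        -extfile "$1/req.cnf" -extensions san -out "$1/ise.pem" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d" && cert_matches_csr "$d/ise.pem" "$d/ise.csr" &&
    cert_covers "$d/ise.pem" ise-pan.example.test ise-psn.example.test &&
    valid_for_days "$d/ise.pem" 30 && echo "ready to bind and import"
```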

Hello @ammahend,

Thanks for the comment.

 

Hello @ammahend,

Based on your experience, is there any impact on endpoint PCs and MAB if we renew only the ISE "System Certificates"?

Thanks for your support.