Solved: Re: PxGrid Certificate renewal

kostasthedelegate · ‎07-23-2021

Hello,

I have pxgrid integration btw FMC and ISE

I see that the certificate is expired

I see that ISE is the CA

As I can understand I have to create a CSR for the FMC (externally and not in FMC) and sign it through ISE, right?

How will I submit the CSR in ISE in order to sign it?

Thanks and regards,

Konstantinos

Rob Ingram · ‎07-23-2021

@kostasthedelegate

If you are using ISE as the CA to sign the pxgrid certificate you don't need to generate a CSR, you can create the signed certificate using the ISE certificate portal - the output will be the signed certificate, private key and signing chain, which can then import to the FMC.

https://community.cisco.com/t5/security-documents/how-to-configure-pxgrid-in-ise-production-environments-pxgrid-1/ta-p/3646330

https://www.ciscopress.com/articles/article.asp?p=2963461&seqNum=2

View solution in original post

Rob Ingram · ‎07-23-2021

@kostasthedelegate

If you are using ISE as the CA to sign the pxgrid certificate you don't need to generate a CSR, you can create the signed certificate using the ISE certificate portal - the output will be the signed certificate, private key and signing chain, which can then import to the FMC.

https://community.cisco.com/t5/security-documents/how-to-configure-pxgrid-in-ise-production-environments-pxgrid-1/ta-p/3646330

https://www.ciscopress.com/articles/article.asp?p=2963461&seqNum=2

kostasthedelegate · ‎07-23-2021

Thank you for the immediate answer

Yes the ISE is the CA

As I understand the certificate portal is at this location Administration > pxGrid Services > Certificates

Rob Ingram · ‎07-23-2021

Correct, see figure 6-13 in the ciscopress link I provided.