cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
527
Views
0
Helpful
1
Replies

Re-generating CSR for MNT node

nayashai@cisco.com
Cisco Employee
Cisco Employee

Hi Team,

I have deployed internal signed certificates for Primary MNT, Secondary MNT, Primary PxGrid and Secondary PxGrid Nodes. I used the pxGrid CA template for signing the requests to pxGrid nodes and webserver template for MNT nodes. After i had a discussion with pxGrid TME, he told me to use the pxGrid template for MNT nodes for successful pxGrid setup. The error/issue i am getting here when i tried to generate a new CSR for the MNT nodes, it is throwing an error. And i tried to delete the existing CSR signed certificate from system certificate tab. And one more point, i raised the previous CSR requests from the cluster and not while in standalone node. Screen Shot 2017-09-12 at 2.50.09 PM.pngScreen Shot 2017-09-12 at 2.52.08 PM.png

1 Reply 1

hslai
Cisco Employee
Cisco Employee

Are you unable to add O or OU field to make the CSR not conflicting with the existing one(s)? That should have worked.

That is, each system certificate in ISE needs a unique "Subject", which combining CN, O, OU, etc. And, we can't delete a certificate that is in-use as a protection for referential integrity.