Renewing HTTPS Certificate in Cisco ISE

Michael Trip
Level 1

Hello,

A few months ago we renewed our EAP certificate. Now I have to renew the HTTPS certificate. ISE says there will be a "significant" downtime when renewing the certificate.

What is this downtime exactly? Can't users authenticate through EAP / RADIUS? Or is it only the web interface? I can't find any documentation on this matter.

Kind regards,

Michael Trip

Accepted Solutions

Jatin Katyal
Cisco Employee

The only downtime you can expect while renewing the HTTPS certificate is:

1. For HTTPS protocol changes, a restart of the ISE services is required, which creates a few minutes of downtime. You will not be able to access the GUI for around 10 - 15 minutes.

2. If you use self-signed certificates in a distributed deployment, the primary self-signed certificate must be installed into the trusted certificate store of the secondary ISE server.  Likewise, the secondary self-signed certificate must be installed into the trusted certificate store of the primary ISE server. This allows the ISE servers to mutually authenticate each other.  Without this, the deployment might break. If you renew certificates from a third-party CA, verify whether the root certificate chain has changed and update the trusted certificate store in the ISE accordingly.

Here is a document where the same steps are documented. I've highlighted them for your convenience.

Rgds,

Jatin

~ Do rate helpful posts.

~Jatin
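
The trust check from point 2 of the answer above, as an added example that is not part of the original post or any Cisco tooling. It assumes the old certificate, the renewed certificate and the peer node's trusted certificates have been exported as PEM files; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: pre-renewal trust checks for an ISE HTTPS certificate.
# All inputs are PEM files exported beforehand (assumption).

# Print the issuer DN of a PEM certificate.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//'
}

# issuer_changed <old-cert.pem> <new-cert.pem>
# Succeeds when the renewed certificate names a different issuer.
issuer_changed() {
    [ "$(cert_issuer "$1")" != "$(cert_issuer "$2")" ]
}

# trusted_by <trust-bundle.pem> <cert.pem>
# Succeeds when the certificate verifies against the bundle, i.e. the
# node holding that trusted store would accept it.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# preflight <old-cert.pem> <new-cert.pem> <peer-trust-bundle.pem>
# Reports what has to be imported on the peer node before the renewed
# certificate is bound to HTTPS. Returns non-zero when action is needed.
preflight() {
    if trusted_by "$3" "$2"; then
        echo "OK: peer trust store already validates the renewed certificate"
        return 0
    fi
    if issuer_changed "$1" "$2"; then
        echo "ACTION: issuer changed to '$(cert_issuer "$2")'; import the new CA chain on the peer"
    else
        # Typical for a renewed self-signed certificate or a re-keyed CA.
        echo "ACTION: issuer name unchanged but not trusted; import the renewed certificate or CA on the peer"
    fi
    return 1
}
```

In a distributed deployment, run `preflight` once per direction: the primary's renewed certificate against the secondary's exported trust bundle, and the reverse.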
