04-23-2024 10:41 PM
Hello.
I'm trying to renew the ISE's certificate, but I'm using both admin and EAP authentication, portal, and RADIUS DTLS.
In this case, I would like to know if renewing this certificate will reboot the ISE or if it will cause downtime.
The certificate is a private certificate.
04-23-2024 11:29 PM
Renewing the admin cert will automatically require an ISE restart.
MHM
04-23-2024 11:30 PM
Would there be downtime if I only renewed for EAP authentication, apart from the admin certificate?
04-24-2024 12:02 AM
I will check and share some notes about how to renew the cert without loss of service.
In the end, keep in mind that you need to use the same name in the CN or SAN.
MHM
04-24-2024 12:57 AM
@CCC3 only replacing the admin certificate requires the ISE application services to restart. Renewing the EAP authentication certificate will not require downtime.
04-24-2024 03:17 AM
As @Rob Ingram mentioned, renewing the ISE admin cert would require ISE services to be restarted (I am not sure if this behaviour has changed in ISE 3.3 as per the below link). However, if you have EAP authentication usage associated with the same certificate, then during the renewal process there will be a brief amount of downtime for the dot1x re-authentication and new authentication sessions, because during that time ISE won't be able to present its identity certificate to the clients during negotiation. On the other side, if EAP authentication usage is associated with a different certificate, and you go and renew the admin certificate, then authentication sessions wouldn't be affected.