Hi,
Would anyone know what the impact might be on a DMVPN if I were to rename/recreate the internal IOS CA Server hostname and trustpoint?
I assume I would have to re-create the RSA certs and trustpoint from scratch. And then, I'd have to go to each of the routers (including spokes and headhends) and re-aquire the new root cert, then re-enroll for new router certs which seem like it will bring down the tunnels... and since the CA server is internal, once the tunnels are down, the spokes will not be able to renew unless I configure a temporary pre-shared key crypto tunnel.
Is there a better, simpler way?
If anyone's ever done this in a lab, I'd appreciate any comments...
Thanks