05-08-2014 01:11 PM - edited 03-10-2019 09:42 PM
Dear Team
I have just upgraded the ISE infrastructure to 1.2. The IPN nodes have also been upgraded, and a default self-signed certificate is generated, which has a validity of 90 days.
On my ISE main units, I have self-signed certificates with a 2048 modulus and SHA1-256 hash, validity = 12 years.
1: I want to generate a self-signed certificate on the IPN with the same specifications.
How can it be achieved? Is it through "pep certificate server add"?
IPN2/admin# pep certificate server add
Server Certificate change will result in application restart. Proceed? (y/n): y
Bind the certificate to private key made by last certificate signing request? (y/n):
But as such I am not generating any CSR, because we do not have any CA in our deployment.
Thanks
Ahad Samir
05-11-2014 01:37 AM
The above requirement is necessary because we don't have an enterprise CA in our deployment. We have to rely on self-signed certificates.
Further, self-signed certificates should be valid for a long period so that no communication issue happens.
05-13-2014 12:39 AM
Please read "Guidelines for Configuring Certificates for Inline Posture" from
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1/user_guide/ise11_user_guide/ise_ipep_deploy.html
07-06-2015 09:14 AM
Hi Mansoor,
I have this same issue renewing the self-signed certificate of an IPN node. Did you find the solution?
Thanks,
Mario Falcao
07-06-2015 11:43 PM
Hi Mario
Unfortunately no solution was found. I could not contact TAC because of service contract issues.
07-07-2015 05:07 AM
Hi Mansoor,
I already opened a TAC case, and there is no way to renew a self-signed certificate for a period greater than 90 days, and that's why Cisco recommends using a CA-signed certificate.
So currently you are renewing the self-signed certificate of your IPN node every 90 days?
05-13-2014 02:20 AM
Really amazed that no one has faced this basic requirement. Seems I need to open a TAC case now.