Beginner

Renewing Self Signed Certificate on IPN Nodes 1.2

Dear Team

I have just upgraded the ISE infrastructure to 1.2. The IPN nodes have also been upgraded, and a default self-signed certificate is generated, which has a validity of 90 days.

On my ISE main units, I have self-signed certificates with 2048 modulus and SHA1-256 hash, validity = 12 years.

1: I want to generate a self-signed certificate on the IPN with the same specifications.

How can it be achieved? Is it through "pep certificate server add"?

IPN2/admin# pep certificate server add
Server Certificate change will result in application restart. Proceed? (y/n): y
Bind the certificate to private key made by last certificate signing request? (y/n):

But as such I am not generating any CSR, because we do not have any CA in our deployment.

Thanks

Ahad Samir

6 REPLIES
Beginner

The above requirement is necessary because we don't have an enterprise CA in our deployment. We have to rely on self-signed certificates.

Further, self-signed certificates should be valid for a long period so that no communication issue happens.

Rising star

Please read "Guidelines for Configuring Certificates for Inline Posture" from

http://www.cisco.com/c/en/us/td/docs/security/ise/1-1/user_guide/ise11_user_guide/ise_ipep_deploy.html

Beginner

Hi Mansoor,

I have this same issue renewing the self-signed certificate of the IPN node. Did you find the solution?

Thanks,

Mario Falcao

Beginner

Hi Mario

Unfortunately, no solution was found. I could not contact TAC because of service contract issues.

Beginner

Hi Mansoor,

I already opened a TAC case, and there is no way to renew the self-signed certificate for a period greater than 90 days; that's why Cisco recommends using a CA-signed certificate.

So currently you are renewing the self-signed certificate of your IPN node every 90 days?

Beginner

Really amazed that no one has faced this basic requirement. Seems a TAC case needs to be opened now.