Hi board,
maybe I'm asking a rather dumb question here, but anyway :)
I'm currently thinking about how to renew an admin/EAP certificate on an ISE node and the effect on the endpoint authentication.
Here's the thing I do, when I initially install an ISE node
1.) CSR creation on ISE (PAN) - CN=$FQDN$ and SAN="fqdn as well"
2.) Sign CSR and bind certificate on ISE node - done
Now after 10 month or so (if the certificate is valid for one year) I want to renew the ISE admin/EAP certificate.
CSR creation: I cannot use the $FQDN$ as the CN, because there is still the current certificate (CN must be unique in the store, right?)
So what to do now? Do I really need to create a temporary SSC and make it the admin/EAP certificate, delete the current certificate and then create a new CSR? There must be a better and more important non-disruptive way of doing this.
How do you guys do this in your deployments?
Thanks in advance and sorry again if this is a silly question.
Johannes
