Hi,
Wondering if anyone has experience regenerating a self signed CAPF cert in a ISE/NAC environment?
We have the CAPF cert uploaded to ISE to authenticate the phones on the network. I'm reading what happens when you re-generate the the CAPF cert and I believeit resets all the IP Phones......my concern would be that the phones might not re-register back until we have the new CAPF cert uploaded to NAC ....... and worse case scenario will time out trying to register before we get the new cert uploaded.
If anyone has an tips or gotchas experienced regenerating the CAPF in Mixed Mode using NAC it would be appreciated
My plan is
- Regenerate CAPF on Pub - followed by all subs (not saure why its required on subs but it appears to be in the guides)
- Upload new CAPF to ISE
- Update CTL File on pub using command "utils CTL update CTLFile"
- Restart CUCM service on all nodes
- Restart CAPF service on Pub
- Restart TVS on all subscribers one at a time
- Restart TFTP service
- Reset all IP Phones
Thanks