We have to renew System Certificates in a distributed environment that will expire in a few days using the same external CA. We are running 2.2 patch 7. We changed the OU (CN,OU,C,O,L,ST) field so that the subject is different than the current one and selected Multi Use (Admin, EAP Authentication, Portal) when generating the CSR for the renewal. The following is what I need clarity on.

1. When to edit the PSNs Usage to EAP Authentication after the Bind was successful?
2. What is the behavior when both the old but still valid cert is in the system and the new cert has been updated with EAP usage?
3. Will the new one take over immediately when it is updated with the Usage or will it only come into effect after the old one has expired?
4. Is there a way that you can force the ISE to use new certs before the old one expires without deleting or do you have to wait until the old cert expires and then see what the authentication behavior is?