I would like som clarification about certificates in DNAC 126.96.36.199.
How can I replace the certificate for the admin-portal?
Under System/Settings/Trust & Privacy/Certificates there is a button to replace certificate. Is this certificate only for the admin portal?
DNAC is integrated with ISE and I have multiple switches and WLC in fabrics and I can see that DNAC has issued certificates to all those devices. So I am scared that if I replace the certificate it will break communication between DNAC and all the devices.
I just got word from Cisco that if I replace the certificat under System Certificate DNAC will need to push new certificates to all network devices. So that does not only change the cert for the DNAC GUI.
That's correct. This certificate is used for more than just the DNAC GUI. The management of northbound API applications and network devices is done via this cert. Once a new certificate is installed, by default DNAC will propagate this cert to all the devices in Inventory. You may need to do a “resync” on devices in the inventory to get them back into the managed state.