cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
5
Helpful
0
Replies

Renew CAPF Certificate in Mixed Mode & NAC environment

rchaseling
Participant
Participant

Hi,

Wondering if anyone has experience regenerating a self signed CAPF cert in a ISE/NAC environment?

 

We have the CAPF cert uploaded to ISE to authenticate the phones on the network. I'm reading what happens when you re-generate the the CAPF cert and I believeit resets all the IP Phones......my concern would be that the phones might not re-register back until we have the new CAPF cert uploaded to NAC ....... and worse case scenario will time out trying to register before we get the new cert uploaded.

 

If anyone has an tips or gotchas experienced regenerating the CAPF in Mixed Mode using NAC it would be appreciated

 

My plan is

  • Regenerate CAPF on Pub - followed by all subs (not saure why its required on subs but it appears to be in the guides)
  • Upload new CAPF to ISE
  • Update CTL File on pub using command "utils CTL update CTLFile"
  • Restart CUCM service on all nodes
  • Restart CAPF service on Pub
  • Restart TVS on all subscribers one at a time
  • Restart TFTP service
  • Reset all IP Phones

Thanks

 

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers