Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
5
Helpful
0
Replies

Renew CAPF Certificate in Mixed Mode & NAC environment

rchaseling
Level 4
Level 4

‎06-10-2021 01:54 AM - edited ‎06-10-2021 02:05 AM

Hi,

Wondering if anyone has experience regenerating a self signed CAPF cert in a ISE/NAC environment?

 

We have the CAPF cert uploaded to ISE to authenticate the phones on the network. I'm reading what happens when you re-generate the the CAPF cert and I believeit resets all the IP Phones......my concern would be that the phones might not re-register back until we have the new CAPF cert uploaded to NAC ....... and worse case scenario will time out trying to register before we get the new cert uploaded.

 

If anyone has an tips or gotchas experienced regenerating the CAPF in Mixed Mode using NAC it would be appreciated

 

My plan is

  • Regenerate CAPF on Pub - followed by all subs (not saure why its required on subs but it appears to be in the guides)
  • Upload new CAPF to ISE
  • Update CTL File on pub using command "utils CTL update CTLFile"
  • Restart CUCM service on all nodes
  • Restart CAPF service on Pub
  • Restart TVS on all subscribers one at a time
  • Restart TFTP service
  • Reset all IP Phones

Thanks

 

Labels:
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents