11-06-2016 07:36 AM - edited 03-11-2019 12:12 AM
Hello guys,
I have a two-node ISE deployment.
ISE1: primary administration & secondary monitoring
ISE2: secondary administration & primary monitoring
The self-signed certificates on ISE have expired.
I've tried to renew the certificate. It looked OK, but it wasn't; the old certificate is still there.
I tried to delete the old certificate, but I got the error "unable to delete certificates that are associated with a protocol".
Can you help here please? I can't renew the certificate at all.
Cheers
11-06-2016 09:47 AM
The initial self-signed certificates are not really meant to be used in production. The best way to use certificates depends on the intended usage.
Without knowing what you are doing with your ISE, a usual way is to generate a certificate with SANs for both nodes (and if needed for sponsor/mydevices) and import the new certificate in both nodes. After that you assign the protocols to this new certificate, and then the old one can be deleted.
I assume you don't have a CA in place; in that case I would generate the certificates on a Linux box or Mac with OpenSSL.
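
An added example, not part of the original reply: one way to generate a self-signed certificate with SANs for both nodes using OpenSSL, plus checks on the SANs and the expiry date before importing it. The hostnames, key size, validity period and EKU are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Hostnames such as ise1.example.com are placeholders (assumptions),
# not values from the thread.

# make_ise_cert OUTDIR CN SAN1 [SAN2 ...]
# Writes OUTDIR/ise.key and OUTDIR/ise.crt (self-signed, RSA 2048, SHA-256).
make_ise_cert() {
    outdir=$1; cn=$2; shift 2
    mkdir -p "$outdir" || return 1
    cnf="$outdir/ise.cnf"
    # Build the OpenSSL config; every node FQDN becomes a DNS SAN entry.
    {
        printf '[req]\ndistinguished_name = dn\nx509_extensions = v3\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[v3]\nbasicConstraints = CA:FALSE\n'
        printf 'keyUsage = digitalSignature, keyEncipherment\n'
        printf 'extendedKeyUsage = serverAuth\n'
        printf 'subjectAltName = @alt\n[alt]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cnf"
    # umask 077 keeps the unencrypted private key readable by its owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 730 \
          -config "$cnf" -keyout "$outdir/ise.key" -out "$outdir/ise.crt" ) 2>/dev/null
}

# cert_has_san CERT NAME: succeeds if NAME is listed as a DNS SAN in CERT.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# cert_valid_for_days CERT DAYS: succeeds if CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage (placeholder names):
#   make_ise_cert ./out ise1.example.com ise1.example.com ise2.example.com
#   cert_has_san ./out/ise.crt ise2.example.com && echo "SAN present"
#   cert_valid_for_days ./out/ise.crt 30 || echo "expires within 30 days"
```

The `cert_valid_for_days` check also works on an exported copy of the certificate currently in use, which gives advance notice before the next expiry.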
11-07-2016 07:55 AM
Hello,
After you renew the cert, you need to replace the old cert in "system cert".
When you replace the cert, remember to choose the default cert group. This can replace the cert that is in use in the portals (admin, sponsor and hotspot).
Duncan
11-07-2016 10:58 PM
11-08-2016 07:10 AM
Your old certificate is still in use and it seems that there is no new one. First make sure that you get your new certificate, then configure this one for all protocols (at least HTTPS and EAP are enabled on the old cert). After that you can delete the old certificate.