05-08-2014 01:11 PM - edited 03-10-2019 09:42 PM
Dear Team
I have just upgraded the ISE infrastructure to 1.2. The IPN nodes have also been upgraded, and a default self-signed certificate is generated, which has a validity of 90 days.
On my ISE main units, I have self-signed certificates with 2048 modulus and SHA1-256 hash, validity = 12 years.
1: I want to generate a self-signed certificate on IPN with the same specifications.
How can it be achieved? Is it through "pep certificate server add"?
IPN2/admin# pep certificate server add
Server Certificate change will result in application restart. Proceed? (y/n): y
Bind the certificate to private key made by last certificate signing request? (y/n):
But as such I am not generating any CSR, because we do not have any CA in our deployment.
Thanks
Ahad Samir
05-11-2014 01:37 AM
The above requirement is necessary because we don't have an Enterprise CA in our deployment. We have to rely on self-signed certificates.
Further, self-signed certificates should be valid for a long period so that no communication issue happens.
05-13-2014 12:39 AM
Please read "Guidelines for Configuring Certificates for Inline Posture" from
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1/user_guide/ise11_user_guide/ise_ipep_deploy.html
07-06-2015 09:14 AM
Hi Mansoor,
I have this same issue renewing the self-signed certificate of an IPN node. Did you find the solution?
Thanks,
Mario Falcao
07-06-2015 11:43 PM
Hi Mario,
Unfortunately no solution was found. I could not contact TAC because of service contract issues.
07-07-2015 05:07 AM
Hi Mansoor,
I already opened a TAC case and there is no way to renew a self-signed certificate for a period greater than 90 days, and that's why Cisco recommends using a CA-signed certificate.
So currently you are renewing the self-signed certificate of your IPN node every 90 days?
05-13-2014 02:20 AM
Really amazed that no one has faced this basic requirement. Seems I need to open a TAC case now.