Cisco ISE || Wildcard Certificate update fails on secondary nodes

The new certificate was updated successfully on the primary PAN but never made it to the secondary nodes.

Solution:

Export the successfully imported certificate and private key (with password).

Import it to the secondary nodes manually from the primary PAN.

Select the proper node, do not check “Allow wildcard certificates”, and select the proper roles.
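A check to run after the manual import, as an added example that is not part of the original post: since every node shares the one wildcard certificate, each node's admin HTTPS port should present the same SHA-256 fingerprint as the primary PAN. The hostnames, the port 443 default and the certificate bytes in the built-in demo are assumptions or constructed placeholders.

```python
import hashlib
import socket
import ssl
import sys

def fetch_der(host, port=443, timeout=5.0):
    """Return the DER leaf certificate a node serves on its admin HTTPS port."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the goal is to read whatever certificate
    # the node presents (possibly the old one), not to trust the connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def stale_nodes(primary, certs):
    """certs maps node name -> DER bytes, or None if the node was unreachable.

    Returns the nodes whose certificate differs from the primary's (the update
    never reached them), plus any node that could not be read.
    """
    if certs.get(primary) is None:
        raise RuntimeError("no certificate read from primary node " + primary)
    expected = fingerprint(certs[primary])
    return sorted(node for node, der in certs.items()
                  if node != primary and (der is None or fingerprint(der) != expected))

def check_deployment(primary, secondaries, port=443):
    """Fetch each node's certificate live and return the stale secondaries."""
    certs = {}
    for node in [primary, *secondaries]:
        try:
            certs[node] = fetch_der(node, port)
        except OSError:  # covers timeouts, refused connections and TLS errors
            certs[node] = None
    return stale_nodes(primary, certs)

if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script.py <primary-pan> <secondary> [...]
        print("stale:", check_deployment(sys.argv[1], sys.argv[2:]))
    else:  # constructed demo: placeholder bytes and hypothetical hostnames
        demo = {"ise-pan1.example.test": b"constructed-new-cert",
                "ise-psn1.example.test": b"constructed-old-cert"}
        print("stale:", stale_nodes("ise-pan1.example.test", demo))
```

An empty result means every secondary presents the same certificate as the primary PAN.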

 

 

 

1 comment on Cisco ISE || Wildcard Certificate update fails on secondary nodes

  • Thank you.
    Our environment also hit the bug below, where the wildcard cert is not able to push to the secondary node:
    https://bst.cisco.com/bugsearch/bug/CSCwd10951
    We have fixed this issue with the steps below:

    1) Deregister ISE node 2 from the deployment.
    2) Export the new wildcard certificate from ISE node 1 with its key.
    2) Import this new wildcard certificate manually on ISE node 2.
    3) Set the usage of the new wildcard certificate for admin roles on ISE node 2.
    4) Map the new wildcard certificate for admin roles on ISE node 1.
    5) Register ISE node 2 in the deployment again. At this time both nodes have the new wildcard certificate, already mapped to admin roles.
    6) Assign the roles on personas on ISE node 2.
    7) Check the Sync option in the deployment.
