If you are performing an application reset or re-imaging a Cisco Identity Services Engine (ISE) node that is a member of a multinode deployment, exporting your certificates before you begin will cut down your total time to restoration, because you can quickly re-import your certificate(s) and re-register to the multinode deployment. Cisco ISE uses PKI for secure communication between Cisco ISE nodes in a multinode deployment.
Exporting:
To begin, navigate to “Administration > Certificates”.
Next, click “Local Certificates” in the “Certificate Operations” pane on the left, tick the check box next to the certificate you would like to export, and click “Export”.
Select “Export Certificate and Private Key”, and create a private-key password that will be used during the import process. The certificate and private key will be exported to a *.ZIP file.
Next, click “Certificate Store” in the “Certificate Operations” pane on the left. Tick the box next to the certificate you would like to export, and click “Export”. Repeat this process until you have exported all the certificates that you’ll need from the certificate store. Depending on your browser settings, the certificate will be stored in a predefined location, or you’ll be prompted to save the certificate as a *.PEM file.
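Before you reset or re-image the node, it is worth confirming that the exported files are actually usable. The script below is an added example, not part of the original procedure or Cisco's tooling: it checks with OpenSSL that the private key decrypts with the export password, that it matches the certificate, that the certificate has not expired, and that each certificate saved from the certificate store parses. It assumes the unzipped files are PEM-encoded; the file names and the ISE_KEY_PASS variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: sanity-check an exported ISE certificate bundle before re-imaging.
# Assumptions: the files unzipped from the export are PEM-encoded, and the
# private-key password is supplied in the ISE_KEY_PASS environment variable
# (keeps it off the command line). File names are hypothetical.
#
# usage: check_ise_export CERT KEY [TRUSTED_CERT.pem ...]
# returns 0 = bundle usable, 2 = key unreadable / wrong password,
#         3 = certificate unreadable, 4 = key does not match certificate,
#         5 = certificate already expired, 6 = a trusted cert is not valid PEM
check_ise_export() {
    cert=$1; key=$2; shift 2

    # Decrypt the private key with the export password and derive its public key.
    key_pub=$(openssl pkey -in "$key" -passin env:ISE_KEY_PASS -pubout 2>/dev/null) || return 2

    # Extract the public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3

    # The two must be identical; otherwise the pair cannot be used together.
    [ "$key_pub" = "$cert_pub" ] || return 4

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 5

    # Every certificate saved from the certificate store must parse as X.509 PEM.
    for ca in "$@"; do
        openssl x509 -in "$ca" -noout 2>/dev/null || return 6
    done
    return 0
}

# Stand-alone use: ISE_KEY_PASS='...' ./check_ise_export.sh cert.pem key.pvk ca1.pem
if [ "$#" -ge 2 ]; then
    check_ise_export "$@" && echo "export bundle OK" || echo "export bundle FAILED (code $?)"
fi
```

Keep the export ZIP and its password in separate, access-controlled locations, since together they are equivalent to the node's identity.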
Importing:
To begin, navigate back to “Administration > Certificates”.
Next, click “Local Certificates” in the “Certificate Operations” pane, click “Add” and select “Import Local Server Certificate”.
Locate your previously exported certificate and private-key files, enter the encryption password and tick the check boxes as seen below. Ticking the “Management Interface: Use certificate to authenticate the web server (GUI)” box will cause the ISE application to restart. This tick box is used for HTTPS certificate relationships between ISE and your browser during management; it is not used for validating communication between ISE nodes, so it is optional if you’re already using a certificate for HTTPS management.
Next, click “Certificate Store” in the “Certificates” pane, click “Import” and locate the *.PEM file(s) previously exported. Tick the following boxes and click “Submit” to import the certificate.
