Generate a Self-Signed Certificate

Add a new local certificate by generating a self-signed certificate. Cisco recommends that you only employ self-signed certificates for your internal testing and evaluation needs. If you plan to deploy Cisco ISE in a production environment, use CA-signed certificates whenever possible to ensure more uniform acceptance around a production network.

Note

If you use a self-signed certificate and you want to change the hostname of your Cisco ISE node, log in to the administration portal of the Cisco ISE node, delete the self-signed certificate that has the old hostname, and generate a new self-signed certificate. Otherwise, Cisco ISE continues to use the self-signed certificate with the old hostname.

Before you begin

To perform the following task, you must be a Super Admin or System Admin.

Procedure


Step 1

In the Cisco ISE GUI, click the Menu icon and choose Administration > System > Certificates > System Certificates.

To generate a self-signed certificate from a secondary node, choose Administration > System > Server Certificate.

Step 2

In the ISE-PIC GUI, click the Menu icon and choose Certificates > System Certificates.

Step 3

Click Generate Self Signed Certificate and enter the details in the window displayed.

Step 4

Check the check boxes in the Usage area based on the service for which you want to use this certificate.

Step 5

Click Submit to generate the certificate.

To restart the secondary nodes, from the CLI, enter the following commands in the following order:

  1. application stop ise

  2. application start ise
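
The note on hostname changes above can be checked from an administrator workstation. The script below is an added example, not part of the Cisco procedure: it assumes the node's system certificate is available as a PEM file and that the openssl command is installed. The function names and the example.test hostnames are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect a certificate that still carries an old node hostname.
# Hostnames and file names here are constructed sample values.

# Exit 0 when subject and issuer are the same name (self-issued certificate).
cert_is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# Exit 0 when the certificate (SAN, or CN when no SAN exists) covers HOST.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Report on CERT for a node whose current FQDN is HOST.
# Returns 0 when the certificate fits, 1 when it names another host.
audit_node_cert() {
    local cert=$1 host=$2 kind="CA-issued"
    cert_is_self_signed "$cert" && kind="self-signed"
    if cert_matches_host "$cert" "$host"; then
        echo "OK: $kind certificate covers $host"
        return 0
    fi
    echo "STALE: $kind certificate does not cover $host; delete it and generate a new one"
    return 1
}

# Build a throwaway self-signed certificate for HOST in DIR (sample input only).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Demonstration: certificate issued for the old name, node renamed afterwards.
tmp=$(mktemp -d)
make_sample_cert "$tmp" ise-old.example.test
audit_node_cert "$tmp/cert.pem" ise-old.example.test
audit_node_cert "$tmp/cert.pem" ise-new.example.test || true
rm -rf "$tmp"
```

A STALE result for a self-signed certificate corresponds to the case in the note: the certificate with the old hostname must be deleted and a new one generated.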