Generate a self-signed certificate

Generate a self-signed certificate to add a new local certificate for internal testing and evaluation purposes in Cisco ISE.

Cisco recommends that you use self-signed certificates only for internal testing and evaluation. If you plan to deploy Cisco ISE in a production environment, use CA-signed certificates whenever possible to ensure more uniform acceptance around a production network.

Note

If you use a self-signed certificate and you want to change the hostname of your Cisco ISE node, log in to the administration portal of the Cisco ISE node, delete the self-signed certificate that has the old hostname, and generate a new self-signed certificate. Otherwise, Cisco ISE continues to use the self-signed certificate with the old hostname.

Before you begin

To perform this task, you must be a Super Admin or System Admin.

Follow these steps to generate a self-signed certificate:

Procedure


Step 1

In the Cisco ISE GUI, click the Menu icon and choose Administration > System > Certificates > System Certificates.

To generate a self-signed certificate from a secondary node, choose Administration > System > Server Certificate.

Step 2

In the ISE-PIC GUI, click the Menu icon and choose Certificates > System Certificates.

Step 3

Click Generate Self Signed Certificate and enter the details in the window displayed.

Step 4

Check the check boxes in the Usage area based on the service for which you want to use this certificate.

Step 5

Click Submit to generate the certificate.

To restart the secondary nodes, from the CLI, enter these commands in this order:

  1. application stop ISE

  2. application start ISE
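
The note earlier on this page warns that Cisco ISE keeps using the self-signed certificate with the old hostname until it is deleted and regenerated. The following is an added example, not Cisco code: it uses the OpenSSL command line on an admin workstation to report whether a PEM certificate is self-signed and whether it matches the expected hostname. The hostnames, the throwaway sample certificate and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Cisco code). Hostnames below are constructed samples.

# cert_status PEM_FILE EXPECTED_HOSTNAME
# Prints one verdict of the form <kind>/<name>:
#   kind: self-signed (subject DN equals issuer DN) or ca-issued
#   name: hostname-ok or hostname-mismatch
cert_status() {
    pem=$1
    host=$2
    # A self-signed certificate carries the same DN as subject and issuer.
    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        kind=self-signed
    else
        kind=ca-issued
    fi
    # -checkhost compares against SAN dNSName entries and falls back to
    # the subject CN when the certificate has none.
    if openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
        name=hostname-ok
    else
        name=hostname-mismatch
    fi
    printf '%s/%s\n' "$kind" "$name"
}

# make_sample_cert CN OUT_DIR
# Writes OUT_DIR/cert.pem: a constructed one-day self-signed certificate
# standing in for the one a node generated under its old hostname.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

make_sample_cert ise-old.example.test "$tmp"

# Hostname at the time the certificate was generated.
cert_status "$tmp/cert.pem" ise-old.example.test
# Hostname after the rename: the stale certificate no longer matches.
cert_status "$tmp/cert.pem" ise-new.example.test
```

A `self-signed/hostname-mismatch` verdict for the node's current hostname is the condition the note describes, and the fix is the procedure on this page.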