Sean,
These are the instructions from Cisco TAC that worked for us last time
we renewed our certs. Maybe something here will help you?
====================
1) From CAM web console, manage the CAS, go to the Certs section and
export the current private key, then the certificate.
Save this somewhere safe.
2) During a maintenance window, generate a new temporary certificate for
the CAS using the UI. Please make sure that you fill all the fields
correctly. Once the new certificate is generated, export the new
private key and a CSR (certificate signing request).
3) During the same maintenance window, import back the old private key,
and certificate, verify and upload the cert and restart the CAS (service
perfigo restart or reboot whichever is easier).
4) Send the CSR obtained in step#2 for signing. Once you receive the
signed cert back, perform step #3 except with the new private key and
the newly received signed cert. And restart the CAS.
=======================
Kurt
Hennessey, Sean wrote:
Hi Nate -
When I've tried to generate a new CSR I've gotten an error saying that
the request was previously used. I'm pretty new to the Cert game, so if
you can point me in the right direction I'd really appreciate it. I'm
pretty sure that my getting it to work properly two years ago, when we
implemented NAC originally, was a fluke! :)
- Sean
----
Sean Hennessey
Networking and Information Security Systems Administrator
The University of Portland
