https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3997622#M455080 <P>You should not put self signed certs in the Trusted Store. The Trust Store is for CA certs. Yes - self-signed certs are Root certs and therefore a CA <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> But -&nbsp; you said you don't use ISE self-signed certs. So why do you want to keep these hanging around?&nbsp;</P> <P>&nbsp;</P> <P>So to answer your question - an ISE Self-Signed cert originates from the System Certs section.&nbsp; go there and click on the Generate Self-Signed cert to create new ones. Then delete the old one(s).</P> Thu, 12 Dec 2019 04:33:54 GMT Arne Bier 2019-12-12T04:33:54Z https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3996500#M455079 <P>My self signed Root certificates have expired in the Trusted certificates section. They are not being used by any services yet I'd like to renew them. Unlike the System certs there is no option to renew them. Anyone assist ?</P> Tue, 10 Dec 2019 14:05:46 GMT https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3996500#M455079 fazmeister4 2019-12-10T14:05:46Z https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3997622#M455080 <P>You should not put self signed certs in the Trusted Store. The Trust Store is for CA certs. Yes - self-signed certs are Root certs and therefore a CA <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> But -&nbsp; you said you don't use ISE self-signed certs. So why do you want to keep these hanging around?&nbsp;</P> <P>&nbsp;</P> <P>So to answer your question - an ISE Self-Signed cert originates from the System Certs section.&nbsp; go there and click on the Generate Self-Signed cert to create new ones. Then delete the old one(s).</P> Thu, 12 Dec 2019 04:33:54 GMT https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3997622#M455080 Arne Bier 2019-12-12T04:33:54Z https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3998046#M455081 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;wrote:<BR /> <P>You should not put self signed certs in the Trusted Store. The Trust Store is for CA certs. Yes - self-signed certs are Root certs and therefore a CA <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> But -&nbsp; you said you don't use ISE self-signed certs. So why do you want to keep these hanging around?&nbsp;</P> <P>&nbsp;</P> <P>So to answer your question - an ISE Self-Signed cert originates from the System Certs section.&nbsp; go there and click on the Generate Self-Signed cert to create new ones. Then delete the old one(s).</P> <HR /></BLOCKQUOTE> <P>agree, also check out&nbsp;<A href="https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897" target="_blank">https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897</A></P> Thu, 12 Dec 2019 17:13:10 GMT https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3998046#M455081 Jason Kunst 2019-12-12T17:13:10Z https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3999854#M455082 <P>Thanks, I've removed them now</P> Tue, 17 Dec 2019 10:13:15 GMT https://community.cisco.com/t5/network-access-control/self-signed-root-certificates/m-p/3999854#M455082 fazmeister4 2019-12-17T10:13:15Z