https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4501322#M571011 <P>I have the following three expired certficates on Cisco ISE.</P><OL><LI><SPAN>Default self-signed server certificate (expired on 06 Nov 2019)</SPAN></LI><LI><SPAN>DST Root CA X3 Certificate Authority&nbsp;(expired on 30 Sep 2021)</SPAN></LI><LI><SPAN>VeriSign Class 3 Secure Server CA - G3&nbsp;(expired on 08&nbsp;Feb 2020)</SPAN></LI></OL><P><SPAN>Since we have to update to version 2.6 can we prooceed to delete them without any problems?</SPAN></P><P><SPAN>Alternatively, is it possible to renewal them with a internal ise procedure?</SPAN></P><P>Thanks a lot</P><P>&nbsp;</P> Thu, 11 Nov 2021 09:00:50 GMT Giesseffe 2021-11-11T09:00:50Z https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4501322#M571011 <P>I have the following three expired certficates on Cisco ISE.</P><OL><LI><SPAN>Default self-signed server certificate (expired on 06 Nov 2019)</SPAN></LI><LI><SPAN>DST Root CA X3 Certificate Authority&nbsp;(expired on 30 Sep 2021)</SPAN></LI><LI><SPAN>VeriSign Class 3 Secure Server CA - G3&nbsp;(expired on 08&nbsp;Feb 2020)</SPAN></LI></OL><P><SPAN>Since we have to update to version 2.6 can we prooceed to delete them without any problems?</SPAN></P><P><SPAN>Alternatively, is it possible to renewal them with a internal ise procedure?</SPAN></P><P>Thanks a lot</P><P>&nbsp;</P> Thu, 11 Nov 2021 09:00:50 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4501322#M571011 Giesseffe 2021-11-11T09:00:50Z https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4501351#M571012 <P>&nbsp;</P> <P>&nbsp;- As far as renewal procedures is concerned , you may want to check these documents :</P> <P>&nbsp; &nbsp; &nbsp;<A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html</A></P> <P>&nbsp; &nbsp;<A href="https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897" target="_blank">https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897</A></P> <P>&nbsp;M.</P> Thu, 11 Nov 2021 09:37:51 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4501351#M571012 Mark Elsen 2021-11-11T09:37:51Z https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4503222#M571057 <P>See the following posts related to the public signed certs:</P> <P><A href="https://community.cisco.com/t5/network-access-control/ok-to-delete-dst-root-ca-x3-certificate-authority/m-p/4428847" target="_blank" rel="noopener">OK to delete DST Root CA X3 Certificate Authority ?</A>&nbsp;</P> <P><A href="https://community.cisco.com/t5/network-access-control/ise-2-3-7-how-to-renew-the-verisign-class-2-secure-server-ca-g3/td-p/3953875" target="_blank" rel="noopener">[ISE 2.3.7] How to renew the 'VeriSign Class 2 Secure Server CA - G3 in Trusted Certificates.</A>&nbsp;</P> <P>If the self-signed cert does not have a usage attached, you can delete it. If it does have a usage attached (e.g. SAML,&nbsp; pxGrid, etc), you should generate a new self-signed certificate for that usage, then delete the expired cert.</P> Mon, 15 Nov 2021 21:51:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-certificate-expired/m-p/4503222#M571057 Greg Gibbs 2021-11-15T21:51:44Z