https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584205#M573827 <P>Hello,</P><P>We are using a self signed certificate for admin, <SPAN>PEAP (EAP-MSCHAPv2)</SPAN> authentication.</P><P>I know its not recommended, will have to plan and start using a CA signed cert.</P><P>But for now, need to renew it as it will expire soon.</P><P>I know how to extend the time on it in system certificates, will it fix the issue? what about certificate in end user machines?</P><P>Please help as I am new to ISE.</P><P>Thanks a lot.</P> Sat, 02 Apr 2022 11:37:03 GMT engineer467 2022-04-02T11:37:03Z https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584205#M573827 <P>Hello,</P><P>We are using a self signed certificate for admin, <SPAN>PEAP (EAP-MSCHAPv2)</SPAN> authentication.</P><P>I know its not recommended, will have to plan and start using a CA signed cert.</P><P>But for now, need to renew it as it will expire soon.</P><P>I know how to extend the time on it in system certificates, will it fix the issue? what about certificate in end user machines?</P><P>Please help as I am new to ISE.</P><P>Thanks a lot.</P> Sat, 02 Apr 2022 11:37:03 GMT https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584205#M573827 engineer467 2022-04-02T11:37:03Z https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584562#M573830 <P>Renew certificates follows the same process. You need to create a new CSR, send it to who can sign it for you and re-install the signed certificate.</P><P>&nbsp; You need to send this to your clients devices via some kind of MDM or via GPO.</P><P>&nbsp;</P><P>But, I am confuse about some information you said. You first refers to admin certificate and then you ask for clients certificates. You mentioned PEAP which is Protectec EAP but it is not TLS or DTLS. Make sure you have all the information in order to proceed.</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 03 Apr 2022 14:47:04 GMT https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584562#M573830 Flavio Miranda 2022-04-03T14:47:04Z https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584630#M573835 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/157474">@engineer467</a>&nbsp;</P> <P>&nbsp;</P> <P>You say "self-signed" certificate. By that I assume you mean that you are using the ISE EAP System certificate that was created in ISE when it was installed. To renew those is very easy.</P> <P>Click on the Self-Signed Certificate and select Edit</P> <P>Scroll down to the bottom of the screen and tick the box "Renewal Period" and then enter a value in days. Click Save. Done.</P> <P>It will renew the ISE Self-Signed cert and update the Valid From and Valid To dates. The serial number should not change, but the fingerprint should be updated.</P> <P>As for your end clients, they will see a new ISE EAP certificate and they will have to trust it all over again - either by manually accepting the new cert, or by you pushing that new ISE cert as a "Trusted Root" to all clients (via Group Policy or MDM etc.)</P> Sun, 03 Apr 2022 20:58:53 GMT https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584630#M573835 Arne Bier 2022-04-03T20:58:53Z https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584695#M573839 <P>Hello Arne,</P><P>&nbsp;</P><P>Thank you for the reply.</P><P>I will follow the steps and update here asap.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 04 Apr 2022 03:13:16 GMT https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4584695#M573839 engineer467 2022-04-04T03:13:16Z https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4587850#M573937 <P>Hello Arne,</P><P>&nbsp;</P><P>All worked smoothly after following your steps.</P><P>Thanks a lot again.</P> Thu, 07 Apr 2022 06:52:59 GMT https://community.cisco.com/t5/network-access-control/how-to-renew-a-self-signed-certificate-used-for-peap/m-p/4587850#M573937 engineer467 2022-04-07T06:52:59Z