https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4714814#M578028 <P>Hi</P> <P>If we are revoking the certificate the users are stil able to login.</P> <P>We have gone to the internal ca and revoked the certificate but the device is still authenticating and getting on-board.</P> Wed, 02 Nov 2022 12:11:02 GMT saxenanitesh8522 2022-11-02T12:11:02Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543839#M537627 <HTML><HEAD></HEAD><BODY><P>Hi folks,</P><P></P><P>Is it posible to remove endpoint certificates generated by ISE internal CA?</P><P></P><P>Thanks,</P><P>Eric</P></BODY></HTML> Thu, 08 Sep 2016 00:13:13 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543839#M537627 Eric Pineda 2016-09-08T00:13:13Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543840#M537633 <HTML><HEAD></HEAD><BODY><P>Yes, you can revoke an endpoint cert by going to <STRONG>Administration &gt; System &gt; Certificates</STRONG>, choose <STRONG>Endpoint Certificates</STRONG> from the <STRONG>Left Menu</STRONG>.&nbsp; Select the cert you would like to revoke and click the <STRONG>X Revoke</STRONG> button.</P><P></P><P><IMG alt="endpointCert.PNG" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/100066_endpointCert.PNG" style="height: 160px; width: 620px;" /></P><P></P><P>Screenshot is from ISE 2.1</P></BODY></HTML> Thu, 08 Sep 2016 13:45:39 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543840#M537633 Charlie Moreton 2016-09-08T13:45:39Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543841#M537640 <HTML><HEAD></HEAD><BODY><P>You can revoke but not remove (delete)</P></BODY></HTML> Thu, 08 Sep 2016 13:48:28 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543841#M537640 Jason Kunst 2016-09-08T13:48:28Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543842#M537646 <HTML><HEAD></HEAD><BODY><P>Endpoint certificates will be removed 30 days after its expiry automatically. Revoked certificates will also be removed 30 days after expiry.</P></BODY></HTML> Thu, 08 Sep 2016 14:34:55 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543842#M537646 howon 2016-09-08T14:34:55Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543843#M537649 <HTML><HEAD></HEAD><BODY><P>Thanks for the responses!</P></BODY></HTML> Thu, 08 Sep 2016 17:48:09 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3543843#M537649 Eric Pineda 2016-09-08T17:48:09Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3759424#M537654 <P style="padding-left: 30px;">Hi howon,</P> <P style="padding-left: 30px;">&nbsp;</P> <P style="padding-left: 30px;">How if the expired or revoke certificate to be retained or extend listed in endpoint certificate before automatically delete ?</P> Fri, 07 Dec 2018 08:18:10 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/3759424#M537654 Looi Siew Key 2018-12-07T08:18:10Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4663108#M576529 <P>so, what you saying if the certificate expire in 2 years, it will stay there for 2 years and 30 days before it is gone....WOW</P> Wed, 03 Aug 2022 16:57:48 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4663108#M576529 salprevitera 2022-08-03T16:57:48Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4714814#M578028 <P>Hi</P> <P>If we are revoking the certificate the users are stil able to login.</P> <P>We have gone to the internal ca and revoked the certificate but the device is still authenticating and getting on-board.</P> Wed, 02 Nov 2022 12:11:02 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4714814#M578028 saxenanitesh8522 2022-11-02T12:11:02Z https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4715159#M578047 <P>It sounds like ISE is not performing the revocation checks for some reason. I would suggest confirming the following:</P> <UL> <LI>Verify that the internal CA/EST/OCSP responder is enabled in <STRONG><EM>Admin &gt; System &gt; Certificates &gt; Certificate Authority &gt; Internal CA Settings</EM></STRONG></LI> <LI>Verify that the OCSP validation is enabled and using the internal OCSP responder for all of the internal CA chain certificates in <STRONG><EM>Admin &gt; System &gt; Certificates &gt; Certificate Management &gt; Trusted Certificates</EM></STRONG></LI> </UL> <P>If both of those are verified, you likely need to open a TAC case to investigate further.</P> <P>&nbsp;</P> Wed, 02 Nov 2022 21:34:15 GMT https://community.cisco.com/t5/network-access-control/remove-endpoint-certificate-from-ise-internal-ca/m-p/4715159#M578047 Greg Gibbs 2022-11-02T21:34:15Z