https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4779615#M579954 <P>Did they eventually renew? I also did the same and it's been a while not sure how long we are supposed to wait&nbsp;</P> Tue, 21 Feb 2023 13:29:54 GMT ivan_abibe 2023-02-21T13:29:54Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4427030#M568268 <P>Hello,</P><P>&nbsp;</P><P>We have a couple of OCSP responder certificates expiring after 60 days. When I check the 'Issued by' column it has the name of one of the other node on it, which is the PAN.</P><P>&nbsp;</P><P>However, I am at a loss about how do I go further to renew it. There seems to be no basic documentation to cover this, but I am sure it is quite simple.</P><P>&nbsp;</P><P>How do I go about renewing it?</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>Friendly Name Status Trusted For Issued To Issued By Valid From Expiration Date<BR />Certificate Services OCSP Responder - ISE01#00016 Enabled Endpoints,Infrastructure Certificate Services OCSP Responder - ISE01 Certificate Services Root CA - ISE02 Sun, 25 Sep 2016 Sun, 26 Sep 2021<BR />Certificate Services Endpoint Sub CA - ISE01#00017 Enabled Infrastructure,Endpoints Certificate Services Endpoint Sub CA - ISE01 Certificate Services Root CA - ISE02 Sun, 25 Sep 2016 Sun, 26 Sep 2021</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 02 Jul 2021 02:57:07 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4427030#M568268 colossus1611 2021-07-02T02:57:07Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4427824#M568292 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/264736">@colossus1611</a>&nbsp;</P> <P>&nbsp;</P> <P>It's kind of hidden</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="renew.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/124383iF3553049B908A36A/image-size/large?v=v2&amp;px=999" role="button" title="renew.png" alt="renew.png" /></span></P> Sun, 04 Jul 2021 21:53:45 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4427824#M568292 Arne Bier 2021-07-04T21:53:45Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4433464#M568471 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;,</P><P>&nbsp;</P><P>Thank you! I didn't notice your response and was wondering how to go about this. So basically this will renew it same as self-signed certificates it seems.</P><P>&nbsp;</P><P>I will give it a go sometime today. Correct me if I am wrong but I think business hours should be fine as it shouldn't cause any disruption by the look of it.</P> Thu, 15 Jul 2021 01:38:50 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4433464#M568471 colossus1611 2021-07-15T01:38:50Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4433475#M568472 <P>It won't cause any outage - the cert's private key is retained, and all that happens is that the new cert has a new start and end date and a new signature (hash). Serial number should also remain as is, as far as I know.&nbsp;</P> <P>&nbsp;</P> <P>**Correction: The Serial number is different - this implies that the certificate is actually regenerated. But it's pretty quick - should be done in less than a minute.</P> Thu, 15 Jul 2021 04:02:27 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4433475#M568472 Arne Bier 2021-07-15T04:02:27Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4433486#M568473 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;,</P><P>&nbsp;</P><P>Thanks again. I did go through the renewal process which seems to be just a single click with no selection of nodes required. It's been about an hour now and the certificates are still displaying an old expiry date, though it did suggest it may take some time at time of renewal.</P><P>&nbsp;</P><P>Interesting that it did not ask for a node name at all and yet all the nodes currently have a different OCSP expiry date.</P><P>&nbsp;</P><P>I might have to do this again - don't think the renewal will kick in now, given that it has already been more than an hour of wait.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 15 Jul 2021 03:56:51 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4433486#M568473 colossus1611 2021-07-15T03:56:51Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4779615#M579954 <P>Did they eventually renew? I also did the same and it's been a while not sure how long we are supposed to wait&nbsp;</P> Tue, 21 Feb 2023 13:29:54 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/4779615#M579954 ivan_abibe 2023-02-21T13:29:54Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5339098#M598561 <P>Did this work for any of you?</P> Thu, 16 Oct 2025 10:49:25 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5339098#M598561 Danny Dulin 2025-10-16T10:49:25Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5345036#M598839 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/158532">@Arne Bier</a>&nbsp;I have done this several times and it has not worked.</P><P>The OSCP responder certificate that has expired is in Admin&gt;Certificates&gt;Certificate Authority&gt;Certificate Authority Certificates.<BR /><BR />Does this matter?</P> Thu, 06 Nov 2025 14:42:16 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5345036#M598839 Danny Dulin 2025-11-06T14:42:16Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5345141#M598841 <P>It can take a little while to display the new OCSP cert - and also, you might not see it immediately, because ISE doesn't delete the old one - keep scrolling to the end and keep an eye on the "#" number - in the past, I have had to manually delete the expired certs in the correct order (reverse order of creation - so, OCSPs first, then Endpoint Sub CAs, then Node CAs and lastly, the Root (there is only one))</P> Thu, 06 Nov 2025 20:18:36 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5345141#M598841 Arne Bier 2025-11-06T20:18:36Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5543824#M600196 <P>Bumping for the same reason.&nbsp; I went through this process a few weeks ago, and I still have the expired certs showing.&nbsp;&nbsp;</P><P>&nbsp;</P> Tue, 07 Apr 2026 20:45:13 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5543824#M600196 MichaelMcCoyOU 2026-04-07T20:45:13Z https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5543828#M600197 <P>I eventually opened a TAC case and they were able to help me to get it deleted.</P> Tue, 07 Apr 2026 21:13:18 GMT https://community.cisco.com/t5/network-access-control/ise-ocsp-responder-certificate-expiring/m-p/5543828#M600197 Danny Dulin 2026-04-07T21:13:18Z