https://community.cisco.com/t5/network-access-control/on-prem-ise-deployment-using-aws-certs/m-p/5351803#M599179 <P>The max lifespan for public certs is being shortened in a phased reduction, and in a few years the certs will only be valid for 47 days.&nbsp; For our on prem ISE deployment, at a minimum, we need a public cert for guest network.&nbsp; AWS certificate manager (ACM) seems to offer a secure and automated alternative.&nbsp; Can anyone who configured their Cisco ISE to use ACM certs share their experience or How To?&nbsp; Can ACM certs work with 100% on prem ISE deployment?</P> Tue, 02 Dec 2025 21:46:56 GMT tachyon05 2025-12-02T21:46:56Z https://community.cisco.com/t5/network-access-control/on-prem-ise-deployment-using-aws-certs/m-p/5351803#M599179 <P>The max lifespan for public certs is being shortened in a phased reduction, and in a few years the certs will only be valid for 47 days.&nbsp; For our on prem ISE deployment, at a minimum, we need a public cert for guest network.&nbsp; AWS certificate manager (ACM) seems to offer a secure and automated alternative.&nbsp; Can anyone who configured their Cisco ISE to use ACM certs share their experience or How To?&nbsp; Can ACM certs work with 100% on prem ISE deployment?</P> Tue, 02 Dec 2025 21:46:56 GMT https://community.cisco.com/t5/network-access-control/on-prem-ise-deployment-using-aws-certs/m-p/5351803#M599179 tachyon05 2025-12-02T21:46:56Z https://community.cisco.com/t5/network-access-control/on-prem-ise-deployment-using-aws-certs/m-p/5351829#M599180 <P>Assuming they are just like any regular certificate sure. But this is where a lot of customers are pivoting away from ISE guest to SaaS platform, LWA, or just an open network. ISE has no ACME or other automatic certificate re-enrollments so the ISE admin will need to manually update that public cert every 45 days, not ideal.</P> Wed, 03 Dec 2025 02:32:24 GMT https://community.cisco.com/t5/network-access-control/on-prem-ise-deployment-using-aws-certs/m-p/5351829#M599180 ahollifield 2025-12-03T02:32:24Z