
Error Renewing ISE Certificate

zstamm
Level 1

I am trying to renew a system Certificate on ISE.  This is a CA cert for the Admin, Portal, EAP Authentication, and RADIUS DTLS roles.  First I generated a CSR using the generator on ISE.  When we try to bind the new cert using the option on the CSR page, we get the message:
"There is one or more trusted certificates(s) with the same subject name and issuer but having a different serial number 'Subject: CN=<CN> - Serial Number: <Serial Number> '. Binding was aborted.  For successful binding, you need to remove the other certificates(s) first."

It won't let us remove the previous cert, as it has all of the roles on it.  How does one renew this cert?

We are using ISE 3.1.0.

3 Replies

balaji.bandi
Hall of Fame

Check the threads below and do the needful to fix the issue:

https://community.cisco.com/t5/network-access-control/import-root-certificate-with-same-subject-and-issuer-name/td-p/3691935

https://community.cisco.com/t5/network-access-control/unable-to-import-ca-signed-certificate-in-ise/td-p/4448774

"It won't let us remove the previous cert, as it has all of the roles on it.  How does one renew this cert?"

If this is associated with any place you used, you cannot remove it; you need to unbind and remove that.

BB


zstamm
Level 1

Won't unbinding the certificate cause us to lose access to the ISE interface, and cause other issues?  Is there

Please select one single usage when you import/bind the certificate, and then, after the import is completed, go back and edit that cert, adding the additional required usages. That's how I typically work around that.