Alarm of certificate expiring for the decomminisioned ISE node 2.7

AK002 · ‎08-24-2020

Hi Team,

We are having a strange behaviour on the ISE infra. Getting certificate expiry alerts/mails for the decommissioned node (Node3). Those certificate are not present in System/Trusted/CA authority store under certificates tab verified every where from the ISE GUI, But we are repeatedly getting alerts for these certificates. This will bring huge alerts over emails..

But if check show tech from the ISE server , I could see the certificates are present. Is there a way to delete certificates from ISE CLI.

Trust certificate with friendly name 'Certificate Services OCSP Responder - ise03#00017'

Trust certificate with friendly name 'Certificate Services Root CA - ise03#00016' :

Trust certificate with friendly name 'Certificate Services Endpoint Sub CA - ise03#00015' :

Trust certificate with friendly name 'Certificate Services Root CA - ise03#00014' :

Trust certificate with friendly name 'Certificate Services Endpoint Sub CA - ise03#00013' :

Already Application reset done and even upgrades to ISE 2.7 Patch 2.. but still the issue persists and getting alarms everyday.

Regards,

Arun

Greg Gibbs · ‎08-24-2020

It sounds like the certificate linkages in the Oracle database were not removed. Removing these will require CLI root access so please open a TAC case.

AK002 · ‎08-25-2020

Hi Greg,

So only option in this case will be reaching TAC further for Shell access.

Thanks for your comment.

Regards,

Arun