If you are not doing any EAP-based authentication then you could remove these expired certs - technically you can't run an ISE node without an EAP cert - ISE expects an EAP cert on each node, whether you use it or not. If that EAP cert has never been used and it was a self-signed cert (by the ISE node itself) then you can try to renew the cert (extend its life by a few years) - you can edit the settings and apply - but this only works for ISE self-signed certs. If the cert comes from a CA (other than ISE) then you need to replace the cert - but only if you actually need EAP on ISE. If you don't need EAP, then create a self-signed request on each node and this process will install a new EAP cert and leave the expired one in place - it will be tagged as "not in use" - and then you can delete it.