Cisco ISE Expired certificates
11-04-2020 03:05 AM
Hello,
I have a few certificates on the Cisco ISE that are expired. Is it safe to delete these certificates?
And what are these certificates used for?
Attached a screenshot of them.

01-05-2021 04:08 PM
If you are not doing any EAP-based authentication then you could remove these expired certs - technically you can't run an ISE node without an EAP cert - ISE expects an EAP cert on each node, whether you use it or not. If that EAP cert has never been used and it was a self-signed cert (by the ISE node itself) then you can try to renew the cert (extend its life by a few years) - you can edit the settings and apply - but this only works for ISE self-signed certs. If the cert comes from a CA (other than ISE) then you need to replace the cert - but only if you actually need EAP on ISE. If you don't need EAP, then create a self-signed request on each node and this process will install a new EAP cert and leave the expired one in place - it will be tagged as "not in use" - and then you can delete it.
