Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6918
Views
10
Helpful
4
Replies

CISCO ISE 2.4 Alarm about expiration certificate (SAML)

Go to solution
Nadia Bbz
Level 1
Level 1

‎01-23-2020 04:17 AM

Hey Dear ;

 

Trust certificate 'Default self-signed server certificate' will expire soon

we would like to know what  does mean usage for SAML,  and to know if this certificate is really used in my case and how to renew it.

 

Alarm Name :

Certificate Expiration

 

Details :

 Trust certificate 'Default self-signed server certificate' will expire in 60 days : Server=SRP-01-CISE010

 

Description :

This certificate will expire soon.  When it expires, ISE may fail when attempting to establish secure communications with clients.  Inter-node communication may also be affected

 

Severity :

Warning

 

Suggested Actions :

Replace the certificate.  For a trust certificate, contact the issuing Certificate Authority (CA).  For a CA-signed local certificate, generate a CSR and have the CA create a new certificate.  For a self-signed local certificate, use ISE to extend the expiration date. You can just delete the certificate if it is no longer used

 

Thanks for help

 

1 person had this problem
Preview file
23 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nadia Bbz
Level 1
Level 1
In response to Arne Bier

‎01-26-2020 01:16 AM

Hey @Arne Bier  ,

Thanks so much for helping me , I greatly appreciate it.

it's possible to renew certificate just to check the box renewal period and put 10 years or 5 years like the picture below

self signed.JPG

i have another certificate that will expired soon, should i apply the same method to solve it 

self signed certificate.JPG

 

thanks for help

 

View solution in original post

4 Replies 4

Go to solution
Arne Bier
VIP
VIP

‎01-23-2020 01:28 PM

Hi @Nadia Bbz 

 

I implement my own best practice for these situations: any cert that is not required on my customers' nodes is given a 10 year self-signed cert, to ensure that they don't get any expiration notices for certs they don't need. 10 years is the max - but by then I would assume the system would have been rebuilt anyway.

 

Under System Certs, generate a new self-signed cert to replace the current cert. Let's say you want to replace the SAML cert.

self-signed.PNG

 

 

 

 

 

 

Go to solution
Nadia Bbz
Level 1
Level 1
In response to Arne Bier

‎01-26-2020 01:16 AM

Hey @Arne Bier  ,

Thanks so much for helping me , I greatly appreciate it.

it's possible to renew certificate just to check the box renewal period and put 10 years or 5 years like the picture below

self signed.JPG

i have another certificate that will expired soon, should i apply the same method to solve it 

self signed certificate.JPG

 

thanks for help

 

Go to solution
Arne Bier
VIP
VIP
In response to Nadia Bbz

‎01-27-2020 01:45 PM

Hello @Nadia Bbz 

 

I learned something new! Thank you. I have never used that renew self cert button button. It does exactly what it says. For self-signed certs it seems you can either create a new one and delete the old one, or simply use the renew feature.

Here's the difference between creating a new cert, and renewing a cert:

  1. Create New Cert: creates a new Cert Serial Number - calculate new cert Fingerprint (hash)
  2. Renew Cert: Maintain same Serial Number and update the Validity period - calculate new cert Fingerprint (hash)

 

regards

Arne

0 Helpful

Go to solution
r1127hyduk
Level 4
Level 4
In response to Nadia Bbz

‎09-02-2020 04:59 AM

Good notes here - thanks for posting.  Potential issue avoided!

 

0 Helpful
Customers Also Viewed These Support Documents