
Cisco ISE 3.0 hot fix patch - do we need to remove expired certificate?

anilkumar.cisco
Level 4

Hello Team,

During patch or hotfix installation, do we need to remove the expired certificate?

Actually, one of the trusted root certificates is expired; not sure what the use of it is.

Also, please let me know: during the hotfix upgrade, do we need to restart the ISE server?

3 Replies

Hi @anilkumar.cisco,

Expired certificates may cause an ISE upgrade to fail; in other words, it's a good practice to remove expired certificates before Patch or Hot Patch installation.

Note: please check the Hot Patch Release Notes, but an Application Server restart is something expected during a Hot Patch installation.

Hope this helps!

In the hot patch upgrade or ISE patch upgrade procedure, nowhere is this statement written to remove expired certificates, thus I got confused.

I am also not sure what the use of that certificate is.

As it is a trusted root certificate, but I found a similar valid trusted certificate on the system as well.

I don't want to take a risk with the certificate, so I need advice.

If a trusted root certificate has expired, then anything that was using it would already be broken. A couple of the built-in certs provided by Cisco have been replaced with alternates in later builds/patches, but the old ones remained.