cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1605
Views
0
Helpful
3
Replies

Cisco ISE 3.0 hot fix patch- do we need to remove expired certificate

anilkumar.cisco
Enthusiast
Enthusiast

Hello Team,

 

During patch or hotfix installation, do we need to remove expired certificate.

 

Actually one of the trusted root certificate is expired , not sure what is the use of that..

 

Also, pls let me know during hotfix upgrade , do we need to restart the ISE server..

 

 

2 Accepted Solutions

Accepted Solutions

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @anilkumar.cisco ,

 expired Certificates may cause ISE upgrade to fail, in other words, it's a good practice to remove expired Certificate before Patch or Hot Patch installation.

Note: please check the Hot Patch Release Notes, but an Application Server restart is something expected during a Hot Patch installation.

 

Hope this helps !!!

View solution in original post

If a trusted root certificate has expired, then anything that was using it would already be broken. A couple of the built in certs provided by Cisco have been replaced with alternates in later builds/patches and but the old remained. 

View solution in original post

3 Replies 3

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @anilkumar.cisco ,

 expired Certificates may cause ISE upgrade to fail, in other words, it's a good practice to remove expired Certificate before Patch or Hot Patch installation.

Note: please check the Hot Patch Release Notes, but an Application Server restart is something expected during a Hot Patch installation.

 

Hope this helps !!!

in hot patch upgrade or ISE Patch upgrade procedure.. non of the place this statement is written to remove expired certificate  thus got confuse..

 

I am also not sure what is the use of that certificate..

 

As it is trusted root certificate.. but i found the similar trusted valid certificate as well on the system.

 

Don't want to take risk with certificate so need advise.

 

 

If a trusted root certificate has expired, then anything that was using it would already be broken. A couple of the built in certs provided by Cisco have been replaced with alternates in later builds/patches and but the old remained. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers