cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1917
Views
0
Helpful
3
Replies

Cisco ISE 3.0 hot fix patch- do we need to remove expired certificate

anilkumar.cisco
Level 4
Level 4

Hello Team,

 

During patch or hotfix installation, do we need to remove expired certificate.

 

Actually one of the trusted root certificate is expired , not sure what is the use of that..

 

Also, pls let me know during hotfix upgrade , do we need to restart the ISE server..

 

 

2 Accepted Solutions

Accepted Solutions

Hi @anilkumar.cisco ,

 expired Certificates may cause ISE upgrade to fail, in other words, it's a good practice to remove expired Certificate before Patch or Hot Patch installation.

Note: please check the Hot Patch Release Notes, but an Application Server restart is something expected during a Hot Patch installation.

 

Hope this helps !!!

View solution in original post

If a trusted root certificate has expired, then anything that was using it would already be broken. A couple of the built in certs provided by Cisco have been replaced with alternates in later builds/patches and but the old remained. 

View solution in original post

3 Replies 3

Hi @anilkumar.cisco ,

 expired Certificates may cause ISE upgrade to fail, in other words, it's a good practice to remove expired Certificate before Patch or Hot Patch installation.

Note: please check the Hot Patch Release Notes, but an Application Server restart is something expected during a Hot Patch installation.

 

Hope this helps !!!

in hot patch upgrade or ISE Patch upgrade procedure.. non of the place this statement is written to remove expired certificate  thus got confuse..

 

I am also not sure what is the use of that certificate..

 

As it is trusted root certificate.. but i found the similar trusted valid certificate as well on the system.

 

Don't want to take risk with certificate so need advise.

 

 

If a trusted root certificate has expired, then anything that was using it would already be broken. A couple of the built in certs provided by Cisco have been replaced with alternates in later builds/patches and but the old remained.