Cisco ISE certificate expired

Giesseffe
Level 1

I have the following three expired certificates on Cisco ISE.

  1. Default self-signed server certificate (expired on 06 Nov 2019)
  2. DST Root CA X3 Certificate Authority (expired on 30 Sep 2021)
  3. VeriSign Class 3 Secure Server CA - G3 (expired on 08 Feb 2020)

Since we have to update to version 2.6, can we proceed to delete them without any problems?

Alternatively, is it possible to renew them with an internal ISE procedure?

Thanks a lot

 

Accepted Solution

Greg Gibbs
Cisco Employee

See the following posts related to the public signed certs:

OK to delete DST Root CA X3 Certificate Authority ? 

[ISE 2.3.7] How to renew the 'VeriSign Class 2 Secure Server CA - G3 in Trusted Certificates. 

If the self-signed cert does not have a usage attached, you can delete it. If it does have a usage attached (e.g. SAML, pxGrid, etc.), you should generate a new self-signed certificate for that usage, then delete the expired cert.


2 Replies

marce1000
VIP

 

 - As far as renewal procedures are concerned, you may want to check these documents:

   https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html

   https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897

 M.



