
Cisco ISE certificate expired

Giesseffe
Level 1

I have the following three expired certificates on Cisco ISE.

  1. Default self-signed server certificate (expired on 06 Nov 2019)
  2. DST Root CA X3 Certificate Authority (expired on 30 Sep 2021)
  3. VeriSign Class 3 Secure Server CA - G3 (expired on 08 Feb 2020)

Since we have to update to version 2.6, can we proceed to delete them without any problems?

Alternatively, is it possible to renew them with an internal ISE procedure?

Thanks a lot

 

Accepted Solutions

Greg Gibbs
Cisco Employee

See the following posts related to the public signed certs:

OK to delete DST Root CA X3 Certificate Authority ? 

[ISE 2.3.7] How to renew the 'VeriSign Class 2 Secure Server CA - G3 in Trusted Certificates. 

If the self-signed cert does not have a usage attached, you can delete it. If it does have a usage attached (e.g. SAML, pxGrid, etc.), you should generate a new self-signed certificate for that usage, then delete the expired cert.


2 Replies

Mark Elsen
Hall of Fame

 

 - As far as renewal procedures are concerned, you may want to check these documents:

   https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html

   https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Rainer Maria Rilke (1899)
