Cisco ISE - Expired certificates cannot be deleted.

We just renewed our public cert, which I installed on my ISE nodes. I have attempted to delete the expired cert, but get various errors and cannot delete them. I did not see any related bug. Ideas?


Errors on the PSNs

I am not sure how I change the portal configuration?...


Error on the PANs



Cisco Employee

Before a certificate can be deleted, all of its current tasks/functions must be assigned to another certificate. So you should first:

- Import your new cert

- Edit the cert and assign the EAP Authentication and Portal Certificate Group Tag that you are currently using to it. 

- Then go back and delete the old certificate


Thank you for rating helpful posts!

What if I have a cert whose functions I no longer want assigned to a particular ISE node? For example, when we originally set up the primary PAN, we assigned the cert Portal, EAP Authentication, and Admin functions.

We only want/need the Admin function for the PANs, so how do I get rid of the other functions?



So you cannot disable EAP... You can decide to not use it in your ISE policies, but the protocol is always there and it needs a certificate coupled to that function.

For the guest portal: You can delete all of the guest portals that you don't use, thus removing the need for that function.

To make things easier, you can just generate a self-signed cert and assign all of the services that you are not using to it.


Thank you for rating helpful posts!
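The ordering described in the two answers above (move every role off the expired certificate, then delete it; a role that cannot be disabled needs some certificate to hold it) can be checked per node before touching the GUI. This is an added example, not part of the original posts and not Cisco code; the inventory format, field names, node names and dates are constructed assumptions, not an ISE export or API schema.

```python
from datetime import datetime, timezone

# Constructed inventory: one row per (node, certificate). Field names are
# assumptions for this example, not the schema of any ISE export or API.
INVENTORY = [
    {"node": "pan1", "name": "public-old", "not_after": "2024-01-31",
     "roles": ["Admin", "EAP Authentication", "Portal"]},
    {"node": "pan1", "name": "public-new", "not_after": "2025-01-31", "roles": []},
    {"node": "psn1", "name": "public-old", "not_after": "2024-01-31",
     "roles": ["EAP Authentication", "Portal"]},
    {"node": "psn2", "name": "public-old", "not_after": "2024-01-31", "roles": []},
]

def _expired(cert, now):
    end = datetime.strptime(cert["not_after"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return end < now

def plan_cleanup(inventory, now):
    """Return (node, cert, action, roles, target) for each expired certificate."""
    plan = []
    for cert in inventory:
        if not _expired(cert, now):
            continue
        if not cert["roles"]:
            # Nothing is bound to it any more, so deletion should succeed.
            plan.append((cert["node"], cert["name"], "delete", [], None))
            continue
        # Roles must first move to a valid certificate on the same node.
        targets = [c["name"] for c in inventory
                   if c["node"] == cert["node"] and not _expired(c, now)]
        if targets:
            plan.append((cert["node"], cert["name"], "reassign",
                         cert["roles"], targets[0]))
        else:
            # No valid certificate on this node yet: import the renewed one
            # or generate a self-signed one to hold the roles.
            plan.append((cert["node"], cert["name"], "need-certificate",
                         cert["roles"], None))
    return plan

if __name__ == "__main__":
    for step in plan_cleanup(INVENTORY, datetime(2024, 3, 1, tzinfo=timezone.utc)):
        print(step)
```

A certificate reported as `reassign` or `need-certificate` is one whose deletion would be refused until its roles are moved.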

