Solved: Get certificates expiration due time points through an ISE API

DawidCiepiela76226 · ‎12-02-2020

Hello folks,

I wonder if there is a way to retreive a list of all installed certificates on the ISE with their expiration time points through a HTTP call to either Monitoring API or ERS API. Their documentation seem to be uncomplete (compare https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/api_ref_guide/api_ref_book/ise_api_ref_ch2.html and https://community.cisco.com/t5/network-access-control/ise-2-4-base-license-sessions-exceeded-database-error/td-p/3997122), so I hope to find a way to set up an automated monitoring system for the certificates.

Thanks in advance!

Mike.Cifelli · ‎12-03-2020

AFAIK there is not an API that you can consume to accomplish this. Relating to certificates there are two APIs that are available in the SDK: Certificate Template & Endpoint Certificate APIs. One option you could look into is setting up an alarm to send you an email. See 'Certificate Expiration' alarm under Administration->System->Settings->Alarm Settings. HTH!

View solution in original post

Mike.Cifelli · ‎12-03-2020

AFAIK there is not an API that you can consume to accomplish this. Relating to certificates there are two APIs that are available in the SDK: Certificate Template & Endpoint Certificate APIs. One option you could look into is setting up an alarm to send you an email. See 'Certificate Expiration' alarm under Administration->System->Settings->Alarm Settings. HTH!

DawidCiepiela76226 · ‎12-06-2020

Hi Mike,

thanks for your reply. I still wonder if there really isn't any way to get this data. We are using https://<ISE MNT node ip>/admin/API/mnt/Session/License/LicenseCountsFromSessionDB to minitor our license consumption in Dashboards even though this API call is not documented at all. I will wait for another solution, perhaps someone else knows more about the monitoring API...

Kind regards