08-12-2018 07:12 PM
Hello
The Default Portal Certificate Group uses the 1 year self-signed certificate by default, and this cert has long since expired. I have a customer who doesn't use portals at all. But the self signed cert has expired and they want to delete it.
I have created a new Portal certificate and then assigned all the Guest/Sponsor portals to the new cert. But ISE doesn't let me unlink the old cert from the Blacklist, Cert/Client Provision portals, and therefore I cannot delete the expired cert!!! Customer only has Base license - no Plus license :(
This seems like a design flaw to me.
Do I need to open a TAC case, get a temp Plus license to unlock the menu items to allow me to make the portal changes?
Solved! Go to Solution.
08-12-2018 08:59 PM
I believe you can still just request a 90 day eval cert and install it to get Plus licensing. Make a 15 year self-signed cert and assign it to the default portal. I make a 15 year self-signed cert for SAML on all my deployments because you can't delete that cert and most customers never use it.
08-12-2018 07:29 PM - edited 08-12-2018 07:29 PM
When you import the cert it lets you select which portals to assign it to. Will it let you select those portals when you do the cert import?
08-12-2018 08:08 PM
Hi Cory
you're right. I forgot to mention that I have two nodes. When I create a new self-signed cert for Portal role, I created a new Portal Group "e.g. portals" and assigned the new cert to it. On node 1 it worked and I could delete the cert. But on node 2 it didn't.
I have seen this before but in that case I had eval/Plus license in order to manipulate the "BYOD portals".
08-12-2018 08:59 PM
I believe you can still just request a 90 day eval cert and install it to get Plus licensing. Make a 15 year self-signed cert and assign it to the default portal. I make a 15 year self-signed cert for SAML on all my deployments because you can't delete that cert and most customers never use it.
08-13-2018 02:42 AM
Hi Paul
I do the same - I call it preventative housekeeping. I chose 10 years instead of 15 - but principle is the same. Prevention is better than cure :) I don't want my customers to have these red icons hanging around, or to get into a habit of ignoring warnings.
I'll request a Plus eval and see how it goes. Thanks for the tip!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide