Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1711
Views
5
Helpful
1
Replies

ISE 2.4 CA signed Certificates expired but ISE services still accessible

Go to solution
girish_gavandi
Level 1
Level 1

‎05-27-2021 03:22 AM

Hello,

 

I was working on a ISE 2.4 deployment (patch 5) and found that the CA signed certificates were expired. Strangely, the ISE admin, portal, RADIUS etc. services were accessible. From what I read, this shouldnt happen.

 

Ultimately, the moment I tried to install the latest patch, ISE restarted its services and ISE nodes stopped communicating within the deployment.

 

Wonder what caused the nodes to keep running even after certificate expiry?

 

Any insight/information would be great.

 

Regards,

Girish

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-01-2021 01:58 PM

All ISE portals and services will continue to function even with default self-signed or expired certificates. RADIUS and TACACS may function without CA-signed certificates.

Your endpoints and/or users, however, may not decide trust ISE as an authentication server depending on the supplicant configuration or risk tolerance.

View solution in original post

1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-01-2021 01:58 PM

All ISE portals and services will continue to function even with default self-signed or expired certificates. RADIUS and TACACS may function without CA-signed certificates.

Your endpoints and/or users, however, may not decide trust ISE as an authentication server depending on the supplicant configuration or risk tolerance.

Customers Also Viewed These Support Documents