cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2998
Views
10
Helpful
3
Replies

ISE 2.4 issue with deleting a certificate CSCvj11476 - Running URT and Upgrade

Alex Pfeil
Level 7
Level 7

I am having a similar issue to the above bug.  I am running ISE 2.3 patch 1.  When I try to run the URT, i get a certificate error and it stops running.  Will this effect the patch and upgrade process?

1 Accepted Solution

Accepted Solutions

I was running ISE 2.4 patch 1. I could not delete a certificate out. It was causing the URT to fail.  I went ahead and applied patch 5.  The reason I did not contact TAC was the bug is listed as a low priority. If the bug is a low priority, it must not be causing too many real issues with operation or upgrading (that is my logic).  The patch installed successfully.  After the patch was complete, the suspect certificate is gone as well.

View solution in original post

3 Replies 3

Damien Miller
VIP Alumni
VIP Alumni
There was also another bug related to ghost certificates, where if you ever changed the hostname of a node, certs would not get removed from the store. So if you ever changed the hostname, it would give TAC a direction. I'm not 100% certain on this, but I've been under the assumption that if the URT fails on any of it's list of steps, then the upgrade bundle will hit the same snag. One way to check would be to build a temp 2.4 vm, restore your backup, and see how it goes.

I would check both the system certificates and trust certificates for any expired certs. If you can't see the issue then the next step is get TAC involved to correct the issue. The reason the URT exists is to open preemptive cases to fix any issues like this, chances are they have dealt with it before.

I was running ISE 2.4 patch 1. I could not delete a certificate out. It was causing the URT to fail.  I went ahead and applied patch 5.  The reason I did not contact TAC was the bug is listed as a low priority. If the bug is a low priority, it must not be causing too many real issues with operation or upgrading (that is my logic).  The patch installed successfully.  After the patch was complete, the suspect certificate is gone as well.

Adding patch 5 worked.  It gave me information on where to remove the certificate, from Syslog targets, I changed cert and could proceed with the 2.6 upgrade.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: