cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3941
Views
10
Helpful
7
Replies

ISE 2.6 Alarms: Certificate Expired

On the ISE Dashlet started seeing the below alarm even though the node was removed long ago.

 

We have tried restarting the Application ISE but no luck.

 

Please input is there a way to flush the cache?

 

 

InkedALarm_LI.jpg

1 Accepted Solution

Accepted Solutions

If the GUI doesn't expose the expired trusted certificate you should open a TAC case. They can install the root patch and go into the cli shell to manually remove the object(s) from the database. I recently had to do the same for an LDAP identity source.

View solution in original post

7 Replies 7

Mike.Cifelli
VIP Alumni
VIP Alumni
If that certificate is no longer in use you can remove it from ISE by going to Administration->System->Certificate Management->Trusted Certificates. HTH!

@Mike.Cifelli  Thanks for your response, unfortunately the certs are not listed under Administration->System->Certificate Management->Trusted Certificates.

 

So I thought I try to restart the Application ISE but the did not help!

If the GUI doesn't expose the expired trusted certificate you should open a TAC case. They can install the root patch and go into the cli shell to manually remove the object(s) from the database. I recently had to do the same for an LDAP identity source.


@Marvin Rhoads wrote:

If the GUI doesn't expose the expired trusted certificate you should open a TAC case. They can install the root patch and go into the cli shell to manually remove the object(s) from the database. I recently had to do the same for an LDAP identity source.


Thanks for your valuable input, appreciates.

Surendra
Cisco Employee
Cisco Employee
You might want to look at Administration > System > Certificates > Trusted Certificate store. Looks like it’s a certificate in there that has expired.

It doesn't have the certificate under trusted certificate store, however I opened a TAC case to delete the cert through root access, will keep you posted.

I was wondering if the TAC case resolved this?