Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
1
Helpful
10
Replies

Ise 3.2 - Can I recreate Internal Root Cert

oscardenizjensen
Level 1
Level 1

‎12-11-2024 02:10 AM - edited ‎12-11-2024 02:10 AM

I have Internal Root Cert for ISE, but I want to delete it and create new one with different CN.

But I didn't want to delete it before knowing whether is it possible to create new Internal Root Cert for ISE? And if yes how do I create a new Root Cert on ISE?

Regards

10 Replies 10

oscardenizjensen
Level 1
Level 1
In response to Flavio Miranda

‎12-11-2024 04:29 AM

Thanks, but when I try to delete a CA i get the below error

oscardenizjensen_0-1733920169865.png

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to oscardenizjensen

‎12-11-2024 04:49 AM

Because the certificate is being used by ise01-poc.  You probably have more than one ISE box, right?  This ise01-poc probably is a PSN and is using the certificate.

0 Helpful

Aref Alsouqi
VIP
VIP

‎12-11-2024 09:06 AM

After you regenerate the root CA cert on ISE the new cert will be propagated across the nodes. Once that is completed the old cert should show as not in use. Only then you can remove it.

0 Helpful

MHM Cisco World
VIP
VIP

‎12-11-2024 09:13 AM

I will send you PM 

MHM

0 Helpful

Aref Alsouqi
VIP
VIP

‎12-11-2024 09:21 AM

Actually, I've just looked into this, when you regenerate the root CA certificate, it would replace the old one.

0 Helpful

oscardenizjensen
Level 1
Level 1

‎12-13-2024 02:02 AM

I have regenerated Root CA, but I can not change any values. Now I ended up with 2 set of root CAs and I can not remove any of them

oscardenizjensen_0-1734084162442.png

 



0 Helpful

Aref Alsouqi
VIP
VIP
In response to oscardenizjensen

‎12-13-2024 06:41 AM

What do you mean you can't change any values? what values are you looking to change? if you try to delete the old ones do you get any error?

0 Helpful

oscardenizjensen
Level 1
Level 1
In response to Aref Alsouqi

‎12-16-2024 03:13 AM

I have regenerated new root cert chain. So when I try to remove the old ones I get this error

oscardenizjensen_0-1734347593425.png


Also I wanted to create manual CN value for root cert etc, but i did not have the option to do so while regenerating the root CA

0 Helpful

Aref Alsouqi
VIP
VIP
In response to oscardenizjensen

‎12-16-2024 03:41 AM

Could you please check if any of the identity certificates that you have in System certificates page is still associated with any of the old chain? also, could you please try to remove the identity certs that have "not in use" next to them and try to remove the old chain afterwards?

0 Helpful
Customers Also Viewed These Support Documents