Customer is trying to figure out a way to create a report of the MIC certificates in their Cisco IP Phones and their date of expiration to plan for the implementation of LSC.
Since we can use the "Days to Expiry" attribute in an AuthZ policy and it provides the quantity of days to expiry, it means that the expiration date is extracted and logged somewhere, I guess. In which log can I find this information?
One alternative in this case would be to write a duplicate policy for authenticating your phones on top of the existing policy, but name this policy something like 'Phone-Auth-expires-less-than-100' and add the expire attribute as something that must be matched. You can then easily report on the devices that match this policy instead of your already existing policy.
I imagine ISE calculates the expiry date by deducting the expiration date of the cert from the current date. All X.509 certs have validity attributes.
BTW why wait for the MICs to expire? Why risk having phones not register some day in the future when you can just install your LSCs during a maintenance window?