Hi @abhijith891
You'll have to ditch the certs for company1.com domain once they expire - if you do not own that domain then it's no longer up for discussion.
Moving forward, you can still run your ISE nodes with FQDNs that have company1.com, and use some DNS CNAME entries to allow DNS resolution of company2.com - this means your ISE 1.4 nodes are still called ise1.company1.com and ise2.company1.com etc - but as far as DNS is concerned, your ise nodes can have a canonical name of ise1.company2.com which points to the A Record of ise1.company1.com - this means you don't need to reconfigure your ISE nodes at the CLI level.
All other logic in ISE such as URL redirection should then specify the new company2.com domains which clients will use to resolve the ISE Guest portals.
AD integration has nothing much to do with x.509 certificates. This means you can keep your legacy AD join points to company1.com for the purposes of AD integration.
I am going on what I know for ISE 2.x - I don't think ISE 1.4 is that much different but I will caveat here that these things are fundamentally doable.
Hope that helps
Arne