11-06-2020 05:49 AM
Hello,
I have a question about Cisco ISE expired certificate. I attached a screenshot of the certificate which has expired, it is used for (Trust for authentication within ISE, Trust for client Authentication and Syslog, and Trust for certificate-based admin authentication), is it safe to delete this certificate since it's already expired?
And if it should be renewed, how is it renewed? Should I generate a new self-signed certificate and assign these 3 roles to it?
It's a distributed deployment.
Thanks
Solved! Go to Solution.
11-08-2020 03:12 PM - edited 11-08-2020 03:13 PM
This certificate is for "ISE OCSP Responder" of ISE internal CA. If you are not finding a valid certificate with the same subject name, then please go to Administration > System > Certificates > Certificate Management > Certificate Signing Request and choose to renew it. If another one already there with the same subject and valid, then it's safe to delete it.
11-06-2020 09:48 AM
This does not look like a default ISE Certificate. Since it's expired it's say its safe to delete it. No need to generate a new certificate to replace the "Trust For" options.
The Trust For options simply states whether the certificate should be used for trust within ISE (Example node clustering), Client authentication and syslog (Client authentications, obviously..) and trust for admin authentication. You could have lots of certificates with all these options enabled so deleting it does not necessary mean that you need to enable it on other certificates.
11-08-2020 09:09 AM
Create a new certificate and assign it the roles then delete your expired, unused certificate.
11-08-2020 03:12 PM - edited 11-08-2020 03:13 PM
This certificate is for "ISE OCSP Responder" of ISE internal CA. If you are not finding a valid certificate with the same subject name, then please go to Administration > System > Certificates > Certificate Management > Certificate Signing Request and choose to renew it. If another one already there with the same subject and valid, then it's safe to delete it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide