10-12-2021 04:33 AM - edited 10-12-2021 05:20 AM
I found that there are 4 self-signed certifications on the ISE by default.
One of them is for SAML, only which of the due can be extended by checking the " Renewal Period" box and enter the TTL.
Solved! Go to Solution.
10-12-2021 06:45 AM
For the ISE Messaging Service, it is generated from the Internal CA service that runs on ISE.
The Messaging cert is not extended, and for this case, I would suggest regenerating the ISE Root CA.
Go to Certificates, then Certificate Signing Requests, and Generate CSR. There will be a pull-down menu, select ISE Root CA from that and then the Generate button. The pull-down will also have the ISE Messaging cert, among others. If your messaging cert is about to expire, it's likely expiring on more than one node and a new root would be a better method.
HTH.
10-12-2021 09:02 AM
In addition to what @ComputerRick correctly noted, you must first have the Internal Certificate Authority (CA) enabled for the ISE Root CA option to be available as an option.
Administration > System > Certificates > Certificate Authority > Internal CA settings > Enable Certificate Authority
10-12-2021 06:45 AM
For the ISE Messaging Service, it is generated from the Internal CA service that runs on ISE.
The Messaging cert is not extended, and for this case, I would suggest regenerating the ISE Root CA.
Go to Certificates, then Certificate Signing Requests, and Generate CSR. There will be a pull-down menu, select ISE Root CA from that and then the Generate button. The pull-down will also have the ISE Messaging cert, among others. If your messaging cert is about to expire, it's likely expiring on more than one node and a new root would be a better method.
HTH.
10-12-2021 09:02 AM
In addition to what @ComputerRick correctly noted, you must first have the Internal Certificate Authority (CA) enabled for the ISE Root CA option to be available as an option.
Administration > System > Certificates > Certificate Authority > Internal CA settings > Enable Certificate Authority
10-13-2021 05:43 PM
Your advice solved the problem I had.
THX!!!
10-13-2021 05:40 PM
As you advised, I set up internal CA and got it!!!
thank you for support!! appreciate it!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide