Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
172
Views
0
Helpful
1
Replies

ISE Messaging Service and pxGrid cert "stale" on PAN only

NetworkMonkey101
Level 1
Level 1

‎07-10-2024 01:55 AM

Hi, I have a deployment with several nodes. All nodes are showing an active ISE Messaging Service cert but the PAN is showing stale.

pxGrid is setting on a pxg node and also active and not in use on the PAN.

How do I resolve these and make them active, although the pxGrid cert is not really required on the PAN

0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎07-10-2024 03:25 PM

Stale does not mean that the certificate is not valid. It is simply an indication that the certificate might not be in use. You can see the checks that ISE uses to define a Stale certificate in the Admin Guide.
https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_basic_setup.html#concept_a1f_v2t_msb

It is not uncommon for an ISE cluster to show Stale certificates, especially if Wildcard and/or WildSAN certificates are in use. This does not necessarily indicate a problem and is working as designed.

0 Helpful
Customers Also Viewed These Support Documents