Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
642
Views
3
Helpful
7
Replies

ISE sends the old self-signed certificate instead of the newly one

Go to solution
rezaalikhani
Level 3
Level 3

‎05-10-2023 08:50 PM

Hi all;

Look at the following figure1.png:

As you can see, I replaced the ISE self-signed certificate with my domain-based certificate. But, when I want to connect ISE with a domain joined computer (so, the root CA certificate that ISE uses, also has been installed on that system), ISE advertises its previous self-signed cert:

2.png

3.png

I am using ISE 3.2 Patch 1 in my lab...

Any ideas?

 

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-11-2023 01:40 AM

i have not come across any issue before, try remove and re-installing again and test it.

On the end device try delete any old root certs were associated for the old one ?

Note : other option before re-installing - Close the browser - clear the cache and reboot the PC and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee

‎05-11-2023 06:25 AM

The node on which the certificate is installed is the one handling the authentication request, right? If yes then maybe the change didn't get reflected at the DB level. Can you try reloading the node and check?

View solution in original post

Go to solution
rezaalikhani
Level 3
Level 3
In response to rezaalikhani

‎05-17-2023 08:08 PM

Removing the old cert and re-installing it, solved the issue...

View solution in original post

0 Helpful
7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-11-2023 01:40 AM

i have not come across any issue before, try remove and re-installing again and test it.

On the end device try delete any old root certs were associated for the old one ?

Note : other option before re-installing - Close the browser - clear the cache and reboot the PC and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
rezaalikhani
Level 3
Level 3
In response to balaji.bandi

‎05-11-2023 09:17 PM

Thanks for your reply;

As you can see in my post, this is not the browser issue, as ISE is advertising its previously self-signed certificate, instead of the newly added certificate.

0 Helpful

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee

‎05-11-2023 06:25 AM

The node on which the certificate is installed is the one handling the authentication request, right? If yes then maybe the change didn't get reflected at the DB level. Can you try reloading the node and check?

Go to solution
rezaalikhani
Level 3
Level 3
In response to Nancy Saini

‎05-14-2023 12:40 AM

I have reloaded the server several times but the issue persists...

0 Helpful

Go to solution
Dustin Anderson
VIP
VIP

‎05-12-2023 09:25 AM - edited ‎05-12-2023 09:26 AM

I would also try an incognito browser as I have seen the browser not reflect the change even though the cert has changed.

Go to solution
rezaalikhani
Level 3
Level 3
In response to Dustin Anderson

‎05-14-2023 12:40 AM

This is my exact problem...

0 Helpful

Go to solution
rezaalikhani
Level 3
Level 3
In response to rezaalikhani

‎05-17-2023 08:08 PM

Removing the old cert and re-installing it, solved the issue...

0 Helpful
Customers Also Viewed These Support Documents