Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2162
Views
0
Helpful
1
Replies

ISE v3.1 upgrade fails due to non-existing certificate has expired

Go to solution
dal
Level 3
Level 3

‎08-18-2021 06:44 AM

Hi.

In the ISE dashboard, I'm slapped in the face every day with Alarms like these:

Certificate expired.

When looking at this, it says:

Trust certificate 'Certificate Services OCSP Responder - ISE-RvN#00005' expired on Sat; 2 Nov 2019 : Server=ISE
Trust certificate 'Certificate Services Endpoint Sub CA - ISE-RvN#00003' expired on Sat; 2 Nov 2019 : Server=ISE

 

Problem is, those certificates are nowhere to be found in the system.

Both of them have been replaced several times, and the current ones look like this:

Certificate Services OCSP Responder - ISE#00018
Certificate Services Endpoint Sub CA - ISE#00015

 

So how to get rid of this error.

The problem is that I cannot upgrade to v3.1 before this is resolved.

The thing is, I don't even use the Certificate Authority part of ISE

 

Thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-18-2021 03:42 PM

If you don't see the certificates in the GUI, they are likely orphaned in the database somehow. You'll need to call TAC to help search for and delete them directly from the database.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-18-2021 03:42 PM

If you don't see the certificates in the GUI, they are likely orphaned in the database somehow. You'll need to call TAC to help search for and delete them directly from the database.

0 Helpful
Customers Also Viewed These Support Documents