Solved: OSCP Responder Certificate expiring

Anthony O'Reilly · ‎11-23-2021

Hi,

I have two ISE appliances, 2.7 Patch 2.

I have an alert to state that two certificates are due to expire in about 20 days.

The certificates are OSCP responder 000001# and 000006#.

I tried to renew the certificates and it stated that it may take a while to update/renew the certificate. I did this yesterday (about 20hours ago) and it hasn't renewed the certs. I have tried again without any luck.

Any ideas??

Anthony O'Reilly · ‎12-07-2021

Hi,

I logged a case with Cisco TAC and they were able to confirm that they were no longer in use. The certificates were deleted.

This did not interrupt service.

View solution in original post

jamesbos96602 · ‎11-23-2021

on some devices you over right the certifice rules,

i cant rember the commands but gose like

crypto pki certificate map map1 1

issure-name co cisco manufaturing ca

crypto pki certificate map map1 2

issure-name co act2 sudi ca

crypto pki trustpool policy

match certificate map1 allow expired-certifice

you may be able do this or be like commands or may not work at all but might help some one

Anthony O'Reilly · ‎12-07-2021

Hi,

I logged a case with Cisco TAC and they were able to confirm that they were no longer in use. The certificates were deleted.

This did not interrupt service.

jamesbos96602 · ‎12-07-2021

They right they could not get certificates to work so they turn it off , but now the information is unencrypted, so anyone can see it , so choice useing unencrupted or going to IPsec to encrypt data

but use this we need way to auto build

the information I notace on mine in new software that encryption was no longer supported, in short they did not want fix the problems they just turned it off

is this a problem, if they don’t understand how fix this it huge problem because also meens they have no clue how fix any part of program