11-23-2021 06:19 AM
Hi,
I have two ISE appliances, 2.7 Patch 2.
I have an alert to state that two certificates are due to expire in about 20 days.
The certificates are OCSP responder 000001# and 000006#.
I tried to renew the certificates and it stated that it may take a while to update/renew the certificate. I did this yesterday (about 20 hours ago) and it hasn't renewed the certs. I have tried again without any luck.
Any ideas?
Accepted Solutions
12-07-2021 06:04 AM
Hi,
I logged a case with Cisco TAC and they were able to confirm that they were no longer in use. The certificates were deleted.
This did not interrupt service.
11-23-2021 12:30 PM
On some devices you overwrite the certificate rules.
I can't remember the commands, but it goes like:
crypto pki certificate map map1 1
 issuer-name co cisco manufacturing ca
crypto pki certificate map map1 2
 issuer-name co act2 sudi ca
crypto pki trustpool policy
 match certificate map1 allow expired-certificate
You may be able to do this, or the commands may be like this, or it may not work at all, but it might help someone.
12-07-2021 08:44 AM
They're right, they could not get certificates to work so they turned it off, but now the information is unencrypted, so anyone can see it, so the choice is using unencrypted or going to IPsec to encrypt data
but to use this we need a way to auto build
the information I noticed on mine in new software that encryption was no longer supported, in short they did not want to fix the problems they just turned it off
Is this a problem? If they don't understand how to fix this it's a huge problem, because it also means they have no clue how to fix any part of the program.
