07-12-2021 06:25 AM
I'm looking for a way to renew the "Certificate Services Node CA" certificate that was signed by the internal Root CA.
The Node CA is expired but was not renewed by ise. I'm able to create a csr but can't find a way to sign it, except exporting and sign it with an external CA.
Any help would be appreciated.
Solved! Go to Solution.
07-12-2021 05:57 PM
If the Node CA certificate is expired, it's likely the entire Root chain has also expired. You can generate a new Root CA chain from the Administration > System > Certificates > Certificate Management > Certificate Signing Requests > Generate Certificate Signing Requests (CSR) page by selecting the ISE Root CA usage.
07-12-2021 05:57 PM
If the Node CA certificate is expired, it's likely the entire Root chain has also expired. You can generate a new Root CA chain from the Administration > System > Certificates > Certificate Management > Certificate Signing Requests > Generate Certificate Signing Requests (CSR) page by selecting the ISE Root CA usage.
07-13-2021 02:29 AM
Thanks, this is working.
My Root CA is still valid for a few jears but as I'm unable to sign thenode CA csr the Root CA renewal is a good workaround as ise created every Sub-CA new. I can now just remove the old certificates.
01-05-2024 12:02 AM
This is working solution, thanks.
You need to "Enable Certificate Authority" if it is disabled.
Administration > System > Certificates > Certificate Authority > Internal CA Settings > Enable Certificate Authority
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide