Solved: Re: SHA1 and ISE

Abhishek Kumar · ‎01-25-2017

One of my customer has Cisco ISE 1.4 nodes currently use SHA1 certificates. They plan to upgrade to Cisco ISE 2.x and will move to SHA2 certificates at that time. However, the upgrade will not happen until April so wondered if there is likely to be any issues using the SHA1 certificates in the meantime?

Q, Will Microsoft’s plans to deprecate SHA1 have an impact on people using it to authenticate to ISE?

http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx

I guess we have quite a few customers running SHA1, so this could be a big issue?

hslai · ‎01-25-2017

See Microsoft no longer supporting sha-1

View solution in original post

hslai · ‎01-25-2017

See Microsoft no longer supporting sha-1

pga400pe2 · ‎02-16-2017

OK but, as of today (02-16-2017), how can we still access the Admin Portal?

hslai · ‎02-18-2017

If your ISE admin portal is signed by a CA which is a participant of Microsoft Trust Root Certificate Program (see http://aka.ms/trustcertpartners) and if you are using Internet Explorer 11, then February 2017 Plan says,

On February 14, 2017, Microsoft will release an update to Microsoft Edge and Internet Explorer 11 that will display an Invalid Certificate warning page alerting users that their connection is not secure. Though we do not recommend it, customers have the option to continue to the website.

If not signed by such CA, there should be no impact at this time. If not using IE, please consult the info published by your specific browser vendor.

As suggested at Microsoft no longer supporting sha-1, please plan accordingly and update the certificates at earliest.