Have you ever wondered what happens when an ISE admin certificate reaches its expiry date? Probably not, because it sounds like bad news and it is a situation we would rather not consider.
We would normally heed the ISE certificate expiry warning in the Alarm viewer, and renew way in advance ... right? ;-)
But what DOES happen when the ISE admin certificate has expired? Let's say the system has been left running for a long time and nobody looks at the alarms. It could very well happen to anyone.
Here is what you would see if you browse to the PAN using the FQDN.
This is displayed in the Firefox browser, and any other security-conscious browser should act the same. It refuses access to the ISE PAN. Oh dang! How do I get back in?
The Admin certificate has two SAN DNS entries, and an IP address (but I made an unintentional mistake with the IP):
DNS Name: ise01.net.local
DNS Name: ise01
It turns out that the browser will turn a blind eye to this dilemma if I use the IP address of the PAN node instead. I will have to re-test to see what would have happened if I had entered the SAN IP address correctly.
I was able to log back in again!
I will have to create another cert with a valid SAN IP address and see whether that works too. This is only a lab node and it's okay if I lose access forever.
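A pre-expiry check in the spirit of renewing well in advance, added here as an example and not part of the original post: it takes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, reports how long remains until `notAfter`, and flags any name or address admins browse to that the SAN does not list. The SAN hostnames are the ones above; the IP addresses, dates and the 30-day threshold are constructed.

```python
import ipaddress
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Hostnames are from the post; the IP address and dates are made up.
SAMPLE_CERT = {
    "notAfter": "Mar 15 12:00:00 2025 GMT",
    "subjectAltName": (
        ("DNS", "ise01.net.local"),
        ("DNS", "ise01"),
        ("IP Address", "192.0.2.10"),
    ),
}

def days_until_expiry(cert, now):
    """Days (floored) from `now`, an aware UTC datetime, to notAfter; negative once expired."""
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc
    )
    return (not_after - now).days

def san_covers(cert, target):
    """True if `target` (name or IP literal) is listed in the SAN. Exact match, no wildcards."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and value.lower() == target.lower():
            return True
    return False

def audit(cert, targets, now, warn_days=30):
    """Return a list of findings for an admin certificate."""
    findings = []
    left = days_until_expiry(cert, now)
    if left < 0:
        findings.append(f"EXPIRED {-left} days ago")
    elif left <= warn_days:
        findings.append(f"expires in {left} days")
    for t in targets:
        if not san_covers(cert, t):
            findings.append(f"{t} not in SAN")
    return findings
```

`getpeercert()` only returns a populated dict after a verified TLS handshake, so a check like this has to run on a schedule while the certificate is still valid.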