Cisco ISE is used to control network access using different methods of authentications for wired and wireless end point devices. It is deployed to large number of firms for end point security.
The structure consists for Admin and policy nodes and can also live all on the same box for smaller organizations. Each nodes is secured with certificates for secure HTTPS communications and other services within Cisco ISE.
The issue comes up when you are trying to update the certificate when it is expired or going to expire. below is the error message you will get when you are trying to replace the certificate with the same name.
Clicking “OK” should let you update the certificate, however it does not and will take you back to the same screen. It could be different with different ISE versions, This applies to Cisco ISE 2.4
Here are step by step instructions on the workaround
- Login into the “Cisco ISE portal”
- Go to “Administrations”
- Go to “Certificate Signing Requests”
- Create a new Certificate signing Request and choose the “Node Name” if more than one node in your environment
- Choose the “multi-use” options and add the company details
- Save the file and click on export and this will save the file in the download folder
- Open the file and copy the text
- Rekey the certificate with the certificate provider on their portal to renew the certificate
- Once the new certificate is updated- download it
- Go to “Administrations” and “certificates” and bind the certificate and assign the services that you need it tied to the certificates and if that works that should be it