THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|
Identity Services Engine System Software | 3 | 3.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0 | All versions of ISE release 3.0 are affected All versions of ISE release 3.1 are affected All versions of ISE release 3.2 are affected All versions of ISE release 3.3 are affected All versions of ISE release 3.4 are affected |
Defect ID | Headline |
CSCwo05386 | ISE getting alarms regarding internal certificate Baltimore CyberTrust Root expiring |
Cisco Identity Services Engine (ISE) generates alarms that indicate that the Baltimore CyberTrust Root certificate will expire in 90 days.
In the past, ISE has used the Baltimore CyberTrust Root certificate to connect to Cisco.com through SSL to obtain binary and data updates for Posture and Bring Your Own Device (BYOD). The following certificate is no longer used by Cisco ISE:
Certificate Name: Baltimore CyberTrust Root
Valid Until: 12/May/2025
Serial Number: 02:00:00:B9
This certificate is installed by default in Cisco ISE releases 3.0, 3.1, 3.2, 3.3, and 3.4.
When administrators choose ISE > Dashboard > Alarm, the following alarm may be seen:
ISE Alarm : Warning : Trust certificate 'Baltimore CyberTrust Root' will expire in 90 days : NODE-NAME
Solution
To resolve this issue, the Baltimore CyberTrust Root certificate can be deleted from the ISE system by performing the following steps:
This certificate is no longer used by the ISE system software, and deleting the certificate will have no impact on ISE services and functionality.
Version | Description | Section | Date |
1.0 | Initial Release | — | 2025-MAR-19 |
For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:
To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.
Unleash the Power of TAC's Virtual Assistance