Field Notice: FN74259 - Cisco Identity Services Engine – Alarms Indicating Baltimore CyberTrust Root Expiration - Configuration Change Recommended

Available Languages

Updated:March 19, 2025
Document ID:FN74259

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Low
Impact Rating:
Low
First Published:
2025-Mar-19
Last Published:
2025-Mar-19
Revision:
1.0
Cisco Bug IDs:

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected


Affected Software Product Affected Release Affected Release Number Comments
Identity Services Engine System Software 3 3.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0 All versions of ISE release 3.0 are affected
All versions of ISE release 3.1 are affected
All versions of ISE release 3.2 are affected
All versions of ISE release 3.3 are affected
All versions of ISE release 3.4 are affected

Defect Information


Defect IDHeadline
CSCwo05386ISE getting alarms regarding internal certificate Baltimore CyberTrust Root expiring

Problem Description


Cisco Identity Services Engine (ISE) generates alarms that indicate that the Baltimore CyberTrust Root certificate will expire in 90 days. 


Background


In the past, ISE has used the Baltimore CyberTrust Root certificate to connect to Cisco.com through SSL to obtain binary and data updates for Posture and Bring Your Own Device (BYOD). The following certificate is no longer used by Cisco ISE:

Certificate Name: Baltimore CyberTrust Root

Valid Until: 12/May/2025

Serial Number: 02:00:00:B9

This certificate is installed by default in Cisco ISE releases 3.0, 3.1, 3.2, 3.3, and 3.4.


Problem Symptom


When administrators choose ISE > Dashboard > Alarm, the following alarm may be seen:

ISE Alarm : Warning : Trust certificate 'Baltimore CyberTrust Root' will expire in 90 days : NODE-NAME


Workaround/Solution


Solution

To resolve this issue, the Baltimore CyberTrust Root certificate can be deleted from the ISE system by performing the following steps: 

  1. Navigate to ISE > Administration > System > Certificates > Trusted Certificates.
  2. Select the Baltimore CyberTrust Root trusted certificate.
  3. Click Delete.

This certificate is no longer used by the ISE system software, and deleting the certificate will have no impact on ISE services and functionality. 


Revision History


VersionDescriptionSectionDate
1.0Initial Release2025-MAR-19

For More Information

For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:

Receive Email Notification About New Field Notices

To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products