THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
30-Jan-18 |
Initial Release |
Affected OS Type | Affected Release | Affected Release Number | Comments |
---|---|---|---|
NON-IOS |
1 |
1.3, 1.0, 1.1, 1.2, 1.4 |
All versions |
NON-IOS |
2 |
2.3.0, 2.0.1, 2.0, 2.2.0, 2.1.0 |
All versions |
Defect ID | Headline |
---|---|
CSCvh50630 | Adding Hydrant certificate chain to ISE default trust certificate store |
Cisco Identity Services Engine (ISE) Posture and Bring Your Own Device (BYOD) package updates will fail if the ISE trust store is not updated with the new HydrantID root certificates.
ISE connects to Cisco.com via SSL in order to obtain binary and data updates for Posture and BYOD. On February 14th, 2018, Cisco will renew the certificate for that SSL connection. The new certificate has a root certificate signed by QuoVadis.
Only ISE deployments with Posture or BYOD updates enabled are affected by this change. After Cisco replaces the certificate on the update servers, Posture and BYOD updates will no longer function for systems that have not updated to the new HydrantID root certificates.
Error messages will be displayed when the system has not been updated to new root certificates. Examples of these messages are shown here:
In order to resolve this issue, complete these steps to install the new root certificate chain provided at Cisco.com and trust it for authentication of Cisco Services:
Service is restored. To verify, choose Updates from the Posture option under Administration > System > Settings. In the Posture Updates section, click Update Now. A successful message will display similar to the one in this screenshot:
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance