Cisco Identity Services Engine Posture Updates Failure

On a Cisco ISE 2.x deployment, I noticed that the Posture Update (Admin -> Settings -> Posture -> Updates) has been failing since 14 Feb 2018. That was the date the update last ran successfully. Neither the feed URL nor the proxy settings changed during this time.

 

[Screenshot: Cisco ISE Posture Updates Failure]

 

A manual “Update Now” brings up this message in a pop-up window:

Remote address is not accessible. Please make sure update feed url, proxy address and proxy port are properly configured.

 

The error message above is misleading. I found a Cisco Field Notice online that describes this issue and provides a fix.

 

Basically, the SSL certificate for Cisco’s website has changed, and the new signing Root CA and Issuing CA are not yet in the ISE Certificate Trust Store (CTS). You need to manually import the two certificates into the ISE CTS.

 

[Screenshot: cisco.com SSL cert change]

Download the Root CA “QuoVadis Root CA2” and Issuing CA “HydrantID SSL ICA G2” from HERE

 

Posture Updates work without a hitch once the two certificates are imported into the ISE CTS.
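
An added example (not from the original post or from Cisco) that reproduces this trust failure offline with the openssl CLI. A constructed demo root and issuing CA stand in for “QuoVadis Root CA2” and “HydrantID SSL ICA G2”, the server is assumed to present only its own certificate, and the helper names `new_cert` and `chain_trusted` and the file layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example with a constructed demo PKI; these are not Cisco's real certificates.
# Assumes the openssl CLI, version 1.1.1 or later.

# new_cert NAME CN IS_CA [ISSUER]: write $D/NAME.pem; self-signed when ISSUER is omitted.
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null || return 1
  printf 'basicConstraints=critical,CA:%s\n' "$3" > "$D/$1.ext"
  if [ -n "$4" ]; then
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$4.pem" -CAkey "$D/$4.key" \
      -CAcreateserial -extfile "$D/$1.ext" -days 2 -out "$D/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -signkey "$D/$1.key" \
      -extfile "$D/$1.ext" -days 2 -out "$D/$1.pem" 2>/dev/null
  fi
}

# chain_trusted BUNDLE CERT: exit 0 only if CERT chains to a root using the CAs in BUNDLE.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

D=$(mktemp -d)
new_cert old_root "Demo Old Root" TRUE                   # CA the trust store already has
new_cert new_root "Demo New Root" TRUE                   # stand-in for the new Root CA
new_cert new_ica  "Demo New Issuing CA" TRUE new_root    # stand-in for the new Issuing CA
new_cert server   "updates.example.test" FALSE new_ica   # constructed server certificate

# Three trust-store states: before the fix, root imported only, both CAs imported.
cp  "$D/old_root.pem" "$D/before.pem"
cat "$D/old_root.pem" "$D/new_root.pem" > "$D/root_only.pem"
cat "$D/root_only.pem" "$D/new_ica.pem" > "$D/both.pem"

for b in before root_only both; do
  if chain_trusted "$D/$b.pem" "$D/server.pem"; then r="trusted"; else r="NOT trusted"; fi
  echo "trust store '$b': server certificate $r"
done
```

Only the `both` bundle validates the server certificate, which matches the need to import the Root CA and the Issuing CA together.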

 


About: Rashid