The Setigo 'AddTrust External CA Root' Root certificate is expiring May 30th 2020. We use a supplicant cert signed by this chain in on Cisco ISE RADIUS PEAP config for 802.1x Wireless clients. Cisco is telling me that this end client Cert must be reissued using a new root due to differing serial numbers between the old and new root certs. Sectigo states that it is not likely needed due to cross signing of the new root cert with the old. Here's the knowledge article https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT.
Anyway I was wondering if anyone has had any experience with changing roots on ISE or other RADIUS setups, or just knows what makes sense in regards to this root swap out and the possible end user impact. Thanks Bruce ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
