Please see the alarm section on Certificate expiration and endpoint certificate expiry for details.
You can configure Alarms in ISE to send a notification (Administration
>System>Settings-->Alarm Settings), edit the alarm, go to alarm configuration or alarm notification to send email/syslog notification when these are generated.
Those are the only options available in ISE, as Hsing pointed out I don’t think you have notifications before endpoint certificate expiry however for general deployment certificate expiration we have options.
In your authorization policy you can also create authorization conditions with Days to expiry and redirect to a portal