https://community.cisco.com/t5/network-access-control/ise-api-and-valid-certificates/m-p/3825512#M474514 <P>Try the option --cacert. See <A href="http://curl.haxx.se/docs/sslcerts.html" target="_blank">http://curl.haxx.se/docs/sslcerts.html</A></P> <P>You might need to include any intermediate CA certificates.</P> Mon, 25 Mar 2019 12:18:58 GMT hslai 2019-03-25T12:18:58Z https://community.cisco.com/t5/network-access-control/ise-api-and-valid-certificates/m-p/3825483#M474513 <P>Hello all, I'm looking for guidance on proper cert validation for use with the ISE API.</P><P>I have valid certificates on all ISE nodes signed by our internal CA, but whenever I'm making API calls, they will only work if I specify -k/--insecure with curl.</P><P>Using the -v flag, I see the following error when sending a request:</P><PRE>* NSS error -8102 (SEC_ERROR_INADEQUATE_KEY_USAGE)<BR /><BR />curl: (60) Certificate key usage inadequate for attempted operation.</PRE><P>&nbsp;CN and request url do match. I'm not sure what else would need to be present in my certificate.</P> Mon, 25 Mar 2019 11:22:00 GMT https://community.cisco.com/t5/network-access-control/ise-api-and-valid-certificates/m-p/3825483#M474513 anthonylofreso 2019-03-25T11:22:00Z https://community.cisco.com/t5/network-access-control/ise-api-and-valid-certificates/m-p/3825512#M474514 <P>Try the option --cacert. See <A href="http://curl.haxx.se/docs/sslcerts.html" target="_blank">http://curl.haxx.se/docs/sslcerts.html</A></P> <P>You might need to include any intermediate CA certificates.</P> Mon, 25 Mar 2019 12:18:58 GMT https://community.cisco.com/t5/network-access-control/ise-api-and-valid-certificates/m-p/3825512#M474514 hslai 2019-03-25T12:18:58Z