https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4504033#M571093 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/833210">@Mike.Cifelli</a>&nbsp;</P><P>&nbsp;</P><P>I imported the ISE Certificate, however, this time, a Self Signed one, an the error went away.&nbsp;</P><P>&nbsp;</P><P>Am using Cisco AnyConnect as an agent in the supplicant hosts.&nbsp;</P><P>&nbsp;</P><P>Thank you,</P><P>Laura&nbsp;</P> Wed, 17 Nov 2021 07:56:57 GMT laurathaqi 2021-11-17T07:56:57Z https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4501881#M571028 <P>Dear community,&nbsp;</P><P>&nbsp;</P><P>As part of the ISE Posture with AnyConnect, I have imported the Root certificate to all domain hosts via GPO.&nbsp;</P><P>However, am still getting a Certificate error of untrusted server, when AnyConnect tries to talk to ISE appliance during posture process. The ISE is signed by the same Root Cert which is imported in the Trusted Authority in the hosts computers. And that certificate is checked to be used for portals also. However, I did not import this certificate in all of the hosts of the domain. And only Root is imported.</P><P>So my question is as following:&nbsp;</P><P>Should I also import the ISE certificate into this Trusted Authority in order to remove this error?&nbsp;</P><P>&nbsp;</P><P>The guides are quite hard to decipher on this specific information.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Thank you,</P><P>Laura&nbsp;&nbsp;</P> Fri, 12 Nov 2021 07:48:39 GMT https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4501881#M571028 laurathaqi 2021-11-12T07:48:39Z https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4502920#M571048 <P><SPAN>Should I also import the ISE certificate into this Trusted Authority in order to remove this error?&nbsp;</SPAN></P> <P><SPAN>-Please also import the intermediate certificate into the respective trust store on the client that is also a part of the chain.&nbsp; Test, and see if your result changes <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></SPAN></P> <P><SPAN>Out of curiosity, are you using NAM or native supp.?</SPAN></P> Mon, 15 Nov 2021 13:18:56 GMT https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4502920#M571048 Mike.Cifelli 2021-11-15T13:18:56Z https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4504033#M571093 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/833210">@Mike.Cifelli</a>&nbsp;</P><P>&nbsp;</P><P>I imported the ISE Certificate, however, this time, a Self Signed one, an the error went away.&nbsp;</P><P>&nbsp;</P><P>Am using Cisco AnyConnect as an agent in the supplicant hosts.&nbsp;</P><P>&nbsp;</P><P>Thank you,</P><P>Laura&nbsp;</P> Wed, 17 Nov 2021 07:56:57 GMT https://community.cisco.com/t5/network-access-control/should-ise-certificate-ise1-domain-local-be-imported-to-hosts/m-p/4504033#M571093 laurathaqi 2021-11-17T07:56:57Z