topic Re: Azure ID Error No trusted certificate found in Network Access Control

Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 08:03:53 GMT

I have tried to connect Azure and ISE(Version 3.1 patch 6) using ROPC, but I got the following Error:

Connection to ID Store failed with error: javax.net.ssl.SSLHandshakeException: No trusted certificate found and status: 400 BAD_REQUEST

I have checked the Certificate, following Certificate are already installed and using for cisco services:

DigiCert Global Root CA

DigiCert Global Root G2 CA

Microsoft Azure TLS Issuing CA 01

Microsoft Azure TLS Issuing CA 02

Microsoft Azure TLS Issuing CA 05

Microsoft Azure TLS Issuing CA 06

do I forget any Cert or config?

I am following this documentation:

Configure ISE 3.0 REST ID with Azure Active Directory - Cisco

Best Regards

Robin

Re: Azure ID Error No trusted certificate found

Mohammed al Baqari — Wed, 03 May 2023 11:01:39 GMT

You are missing Baltimore CyberTrust Root CA cert. Here is the list of
certs used by azure. Make sure they are imported to ISE.

https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list

**** please remember to rate useful posts

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 11:06:48 GMT

Hi Mohammed,

thanks for you answer, the Baltimore CyberTrust Root CA was also installed in the ISE as Cisco Services...

Re: Azure ID Error No trusted certificate found

Mohammed al Baqari — Wed, 03 May 2023 11:32:39 GMT

Just make the certificate usage for admin portal as well.

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 11:42:35 GMT

you mean:

chose: Trust for certificate based admin authentication ?

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 12:08:31 GMT

this is the new ISE, just installed. so I am using the default self Cert...

Re: Azure ID Error No trusted certificate found

Mohammed al Baqari — Wed, 03 May 2023 12:42:23 GMT

Yes, I meant this one 'admin authentication'. also, you need to use CA signed certificate to communicate with Azure. otherwise, it won't trust your ISE.

Re: Azure ID Error No trusted certificate found

Mohammed al Baqari — Wed, 03 May 2023 12:43:27 GMT

Here is the list of certs which I used.

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 13:04:36 GMT

for me the same, that is why I dön't unterstand...

Re: Azure ID Error No trusted certificate found

Mohammed al Baqari — Wed, 03 May 2023 13:28:39 GMT

but you have selfsigned cert. You need signed one for admin portal. That is
the one used to communicate with azure.

It won't work with self signed one

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 13:33:32 GMT

you mean, that I need a public certifcate for admin Portal? from DigiCert Global Roort G2 CA?

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 03 May 2023 13:35:22 GMT

or can I upload my self signed Cert to Azure, let Azure trust my Cert?

Re: Azure ID Error No trusted certificate found

Mohammed al Baqari — Wed, 03 May 2023 14:06:39 GMT

Yes, you need a signed cert like digicert

Re: Azure ID Error No trusted certificate found

lupingyao — Tue, 09 May 2023 08:58:32 GMT

you mean, that I need a public cert?

I have tried using one private cert, I got this error:

Re: Azure ID Error No trusted certificate found

Greg Gibbs — Tue, 09 May 2023 22:41:49 GMT

You don't need a certificate signed by a public CA, but I'm not sure if Azure will accept a self-signed certificate. I have ROPC working in my lab with ISE using an Admin certificate signed by my internal ADCS.

The error you've posted references 'NotAfter: Fri Aug 05 2022' which would seem to indicate an expired certificate is being used. I would suggest checking for any expired certificates in the System and Trusted stores.

These are the Microsoft related certificates (Trusted Certificates) I have installed in my lab that is working with ROPC.

Re: Azure ID Error No trusted certificate found

lupingyao — Wed, 24 May 2023 13:22:13 GMT

Thanks Greg,

I have just installed this ISE a few days before, so this certitiface error could be from Azure, because I am using free Azure for the Test. I will check it.

guys! thanks again!