https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4855989#M582273 <P>well I got .pem file but still&nbsp;<SPAN>shows error&nbsp;</SPAN><STRONG>certificate/private key validation failed. </STRONG>Anyone has idea what is wrong on my config?</P> Fri, 16 Jun 2023 06:00:32 GMT Ruelb2214 2023-06-16T06:00:32Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4855061#M582250 <P>Hello All,</P><P>Has anyone encounter issue when they bind certificate, error will pop-up certificate/private key validation failed.</P><P>We have generated CSR in Cisco ISE for Portal usage, then we submitted to public CA to signed, they send us .crt file including the intermediate certificate, I uploaded the intermediate .crt to Trusted Certificate. Then I bind the signed cert in, after click submit its shows error&nbsp;<STRONG>certificate/private key validation failed.</STRONG></P><P>Can someone guide me, is it correct to use the .crt file in binding or must use the .pem file? because the public CA onlne send us .crt file.</P> Thu, 15 Jun 2023 08:01:52 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4855061#M582250 Ruelb2214 2023-06-15T08:01:52Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4855989#M582273 <P>well I got .pem file but still&nbsp;<SPAN>shows error&nbsp;</SPAN><STRONG>certificate/private key validation failed. </STRONG>Anyone has idea what is wrong on my config?</P> Fri, 16 Jun 2023 06:00:32 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4855989#M582273 Ruelb2214 2023-06-16T06:00:32Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4856006#M582276 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/865600">@Ruelb2214</a>,</P><P><SPAN>Use external tools, such as OpenSSL, to validate the certificate and private key outside of the Cisco ISE environment. This can help identify any issues with the certificate files themselves:</SPAN></P><P><SPAN>openssl x509 -in certificate.pem -text -noout<BR />openssl rsa -in privatekey.pem -check<BR /></SPAN></P><P><SPAN>These commands will check the certificate and private key respectively for any errors or issues.</SPAN></P><P>&nbsp;</P> Fri, 16 Jun 2023 06:59:59 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4856006#M582276 M02@rt37 2023-06-16T06:59:59Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4856016#M582277 <P>basic check but I am assuming you also have the root certificate in trusted certificate store and not just intermediate.</P> <P>seems when you are binding the signed certificate ISE is not able to decrypt the signed public certificate with the private key generated in system when you generate CSR. I am not sure you can export private key out of ISE to test this out,&nbsp; might be easier to just generate a new CSR, enure complete chain in imported in trusted store and then bind again, don't think you will have to pay again, you should be able to revoke and sign a new CSR with your CA.</P> Fri, 16 Jun 2023 07:23:38 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4856016#M582277 Ambuj M 2023-06-16T07:23:38Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4856274#M582280 <P>Do you get cert from ppan span or other node?</P> <P>Can I see the tree of cert</P> Fri, 16 Jun 2023 12:50:36 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4856274#M582280 MHM Cisco World 2023-06-16T12:50:36Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4998973#M586452 <P>hello, you finally succeeded? i have the same problem <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Wed, 17 Jan 2024 23:14:21 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/4998973#M586452 JuanG Gonzalez Bravo 2024-01-17T23:14:21Z https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/5003038#M586657 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/325330">@Ambuj M</a>&nbsp;thanks for your feedback.</P><P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1529105">@JuanG Gonzalez Bravo</a>&nbsp;yeah was able to resolved. I trace back to the CA, and there was problem in CA when it sign the cert. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 23 Jan 2024 05:26:49 GMT https://community.cisco.com/t5/network-access-control/binding-certificate-private-key-validtion-failed/m-p/5003038#M586657 Ruelb2214 2024-01-23T05:26:49Z