https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298363#M596742 <P>Hey,</P><P>I'm doing a new pilot to test some stuff.</P><P>I'm trying to authenticate a PC with external certificate. I create a new policy that checks the "Issuer - Fingerprint SHA-256" but for some reason when I'm looking in the ISE Radius logs all I see that the field "Issuer - Fingerprint sha-256" is "not_found" I cant seem to find a reason why its acting like this.</P><P>Does anyone have any ideas?</P><P>I'm using ise 3.3 patch 4</P> Wed, 11 Jun 2025 10:53:59 GMT acapit 2025-06-11T10:53:59Z https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298363#M596742 <P>Hey,</P><P>I'm doing a new pilot to test some stuff.</P><P>I'm trying to authenticate a PC with external certificate. I create a new policy that checks the "Issuer - Fingerprint SHA-256" but for some reason when I'm looking in the ISE Radius logs all I see that the field "Issuer - Fingerprint sha-256" is "not_found" I cant seem to find a reason why its acting like this.</P><P>Does anyone have any ideas?</P><P>I'm using ise 3.3 patch 4</P> Wed, 11 Jun 2025 10:53:59 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298363#M596742 acapit 2025-06-11T10:53:59Z https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298500#M596745 <P>Hi<BR />Do you have the certificate (that signs the PC certificate) installed in <STRONG>Administration &lt; Certificates &gt; Trusted Certificates</STRONG> on ISE?</P><P>Your policy for "Issuer - Fingerprint SHA-256" should then reference that certificate installed on ISE.</P><P>hth<BR />Andy</P> Wed, 11 Jun 2025 15:37:01 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298500#M596745 andrewswanson 2025-06-11T15:37:01Z https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298766#M596759 <P>Yes we have the CA certificate that signed the PC certificate in the path you mentioned.</P><P>Just to clarify I am looking at the authentication logs and the endpoint has every other field related to the <SPAN>certificate&nbsp;</SPAN>expect from the Issuer SHA-256</P> Thu, 12 Jun 2025 07:11:46 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-computer-certificate-authentication/m-p/5298766#M596759 acapit 2025-06-12T07:11:46Z