Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6047
Views
20
Helpful
1
Replies

Replacing DNAC Certificate Error

Mike.Cifelli
VIP Alumni
VIP Alumni

‎11-09-2020 10:11 AM

Recently ran into this error in the DNAC UI when attempting to replace the certificate under System Settings:

'Issuer should be equal to Subject for root cert.'

This is a banner that quickly pops up in RED and disappears within about 10 seconds.  Long story short this error is due to the cert chain being out of order inside your .pem file that you created/converted with openssl.  If you hit this issue you can open the .pem file in wordpad and see that the order is client cert->root ca cert->sub ca cert.  To fix this, move the root ca cert to the end of the file so that they are in proper order (client->sub->root).  Next upload/replace of cert will work like a charm.  Lastly, this document serves its purpose to guide you through the process: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/hardening_guide/b_dnac_security_best_practices_guide.html#task_zpl_4c2_rbb

(see section/s: 'Generate a Certificate Request Using Open SSL'; 'Update the Cisco DNA Center Server Certificate')

9 people had this problem
Labels:
1 Reply 1

#Mat
Level 6
Level 6

‎03-29-2022 10:13 AM

Thanks, it worked!

.
0 Helpful
Customers Also Viewed These Support Documents