
Certificate error in Newly installed ISE 2.4

techie21
Level 1

I have just installed ISE 2.4 in a 2-node deployment. Just migrated from ACS to ISE for Primary Instance only. Secondary ACS is still running along with Primary ISE. I have installed CSO signed certificates but I am getting this error in the logs:

Error log: Dec  8 09:39:47 209.29.2.228 CISE_Internal_Operations_Diagnostics 0000003664 1 0 2018-12-08 09:39:47.677 -05:00 0000022535 34151 WARN  System-Management: Certificate Validation Failed, ConfigVersionId=87, AdminName=Unknown, OperationMessageText=Certificate Validation failed for host: msscidcISE02.mss.tiss, AcsInstance=msscidcISE02.mss.tiss,

These are the certificates:
[Screenshots: System Certificates.PNG, Trusted Certificates.PNG]

Accepted Solutions

Surendra
Cisco Employee
Have you selected those CA certificates for any Trust? I see that it says Unknown, which means either you have not selected it for any Trust or, if you have configured it to be used for trusting some service, then your CA certs are corrupted on the ISE. Would suggest you get it checked with TAC if it is the latter.


2 Replies

Damien Miller
VIP Alumni

I can't tell from the screenshots, but do you have issuing CA03's public key imported into the trusted store? The CA that issued the cert for msscidcISE02.mss.tiss? Also CA02 as well, worth confirming both are imported.

Full disclosure, I haven't dealt with this as I have always used a single cert with a SAN for each node, or a wildcard.
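
The check suggested in the reply above (confirm that both the issuing CA and the CA above it are in the trusted store) can be rehearsed offline with openssl. This is an added example, not part of the original thread and not ISE's own validation logic; the lab CA names, hostname and file names are constructed, and it shows how openssl reports a chain when one CA is missing from the trust bundle.

```shell
#!/bin/sh
# Constructed lab PKI: root CA -> issuing CA -> node certificate.
# Every name below is made up for this example; nothing here talks to ISE.

# mk_cert <name> <CN> <extension line> [signer]  (no signer = self-signed)
mk_cert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "/CN=$2" 2>/dev/null || return 1
    printf '%s\n' "$3" > "$1.ext"
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -days 2 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
            -extfile "$1.ext" -out "$1.pem" 2>/dev/null
    fi
}

build_lab() {
    LAB=$(mktemp -d) && cd "$LAB" || return 1
    mk_cert root "Lab Root CA" "basicConstraints=critical,CA:TRUE" &&
    mk_cert issuing "Lab Issuing CA" "basicConstraints=critical,CA:TRUE" root &&
    mk_cert node "ise02.lab.example" "subjectAltName=DNS:ise02.lab.example" issuing
}

# chain_ok <leaf.pem> <ca.pem>...
# Returns 0 only if the leaf builds a complete chain from the listed CAs.
chain_ok() {
    leaf=$1; shift
    cat "$@" > trust-bundle.pem
    openssl verify -CAfile trust-bundle.pem "$leaf" 2>&1 | grep -q ': OK$'
}

report() {
    label=$1; shift
    if chain_ok node.pem "$@"; then echo "$label: chain OK"
    else echo "$label: validation FAILED"; fi
}

build_lab || { echo "openssl failed to build the lab PKI" >&2; exit 1; }
report "root + issuing CA trusted" root.pem issuing.pem
report "root CA only" root.pem
report "issuing CA only" issuing.pem
```

To check real exports instead, run chain_ok from a directory holding the PEM files, passing the node certificate first and then each CA certificate exported from the trusted store.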
