Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2969
Views
15
Helpful
4
Replies

Certificate imports fails via CLI

Go to solution
dgaikwad
Level 5
Level 5

ā€Ž10-19-2020 06:43 AM

Hi Experts,

Setup: ISE 2.6.0.156
I was able to restore the configuration and operational backup on second ISE standalone instance.
The certificate backup was done by exporting the certificates using CLI.
Now when I am trying to import the certificates of the first ISE instance from the repository I am getting this error below:

 

log4j:WARN No appenders could be found for logger (org.springframework.core.env.StandardEnvironment).

log4j:WARN Please initialize the log4j system properly.

log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Inside Session facade init

Old Memory Size : 16266772

In the init method of PDPFacade

Time taken for NSFAdminServiceFactory to load1846

Certificates are not compliant. Try to export certificates and import again.

Operation aborted. CA keys file is not acceptable

Where can I find more details why this is being reported?
Has anyone faced this issue before and solved it?

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kaito Sugita
Level 1
Level 1
In response to dgaikwad

ā€Ž12-01-2020 06:52 PM - edited ā€Ž12-01-2020 06:53 PM

After installed Patch 7 on ISE, I tried CA import via CLI again. And it succeeded.

log4j:WARN No appenders could be found for logger (org.springframework.core.env.StandardEnvironment).

log4j:WARN Please initialize the log4j system properly.

log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Security Protocol list Start

Inside Session facade init

Old Memory Size : 32390220

In the init method of PDPFacade

Time taken for NSFAdminServiceFactory to load1027

Old Memory Size : 32390220

Import in progress...Old Memory Size : 32390220

The following 5 CA key pairs were imported:

 

-----snip----- 

 

Stopping ISE Certificate Authority Service...

Starting ISE Certificate Authority Service...

NSS database for CA Service is ready

ISE CA keys import completed successfully

 

hth

View solution in original post

4 Replies 4

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight

ā€Ž10-19-2020 12:26 PM - edited ā€Ž10-19-2020 03:04 PM

making stuff simplier & assuming u try to assign system' certificate, r u able to do it via GUI?

P.S. remember more details may kill u :0)

Go to solution
Kaito Sugita
Level 1
Level 1

ā€Ž11-20-2020 04:14 PM

I'm in the same situation and it seems we are hitting bug CSCvs47941

0 Helpful

Go to solution
dgaikwad
Level 5
Level 5
In response to Kaito Sugita

ā€Ž11-22-2020 09:12 PM

The bug details show that the issue is fixed in 2.6.0.156-Patch7, did you get a chance to patch it import certs via CLI?

0 Helpful

Go to solution
Kaito Sugita
Level 1
Level 1
In response to dgaikwad

ā€Ž12-01-2020 06:52 PM - edited ā€Ž12-01-2020 06:53 PM

After installed Patch 7 on ISE, I tried CA import via CLI again. And it succeeded.

log4j:WARN No appenders could be found for logger (org.springframework.core.env.StandardEnvironment).

log4j:WARN Please initialize the log4j system properly.

log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Security Protocol list Start

Inside Session facade init

Old Memory Size : 32390220

In the init method of PDPFacade

Time taken for NSFAdminServiceFactory to load1027

Old Memory Size : 32390220

Import in progress...Old Memory Size : 32390220

The following 5 CA key pairs were imported:

 

-----snip----- 

 

Stopping ISE Certificate Authority Service...

Starting ISE Certificate Authority Service...

NSS database for CA Service is ready

ISE CA keys import completed successfully

 

hth

Customers Also Viewed These Support Documents