01-29-2013 06:21 AM - edited 03-10-2019 08:01 PM
Hi,
I have two ISE 1.1.2 nodes with these roles:
Admin Primary / Monitor Secondary
Admin Secondary / Monitor Primary
I have bought a GoDaddy cert for EAP authentication and all works well, but when my primary goes down for some reason and all authentications are directed to the secondary, then there is a problem.
On the secondary ISE there is no GoDaddy certificate. I am trying to export it from the primary ISE and import it to the secondary, but I get an error:
Internal error - please ask your Administrator to review the error logs.
or
com.cisco.cpm.nsf.api.exceptions.NSFEntityTypeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
01-29-2013 07:12 PM
Hello-
I might need more info to get a better understanding of what is going on, but at first look I think the issue is that your second node does not have a valid cert. I don't think you can simply import the cert that was signed for the first node to the second one. Instead, you will need to get a signed cert from GoDaddy for your second node and enable that cert for EAP authentications as well.
Thank you for rating!
04-27-2013 02:47 AM
Please review the links below, which might help you.
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_client_prov.pdf
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.html