certificate issue

edondurguti · ‎01-29-2013

Hi,

I have two ise 1.1.2 with these roles:

Admin Primary / Monitor Secondary

Admin Secondary/ Monitor Primary

I have bought a godaddy cert for EAP authentication and all works well, but when my primray goes down for some reason and all authentications are directed to secondary than there is a problem.

On the secondary ISE there is no godaddy certificate I am trying to export it from Primary ISE and importing it to the secondary but I get an error:

Internal error - please ask your Administrator to review the error logs.

or

com.cisco.cpm.nsf.api.exceptions.NSFEntityT

ypeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:

PKIX path building failed: sun.security.provider.certpath.SunCertPathB

uilderException: unable to find valid certification path to requested target

nspasov · ‎01-29-2013

Hello-

I might need more info to get a better understanding of what is going on but from first look I think the issue is with the fact that your second node does not have a valid cert. I don't think you can simply import the cert that was signed from the first node to the second one. Instead, you will need to get a signed cert from godaddy for your second node and enable that cert for eap authentications as well.

Thank you for rating!

vikasyad · ‎04-27-2013

Please review the below link which might help you.

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_61_byod_provisioning.pdf

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_client_prov.pdf

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.html