Solved: Cisco ISE

CARGO · ‎01-14-2026

Hello,

I need to renew a certificate that is expiring soon, which is used for Admin access, EAP authentication, and RADIUS DTLS.
This certificate is signed by our internal certification authority.

I generate a CSR and sign it with our certification authority, but when I attempt to bind the certificate using the Bind button, the following error is displayed: Certificate path validation failed. Make sure required Certificate Chain is imported under Trusted Certificates.

Of course, both our subordinate CA and root CA are uploaded in the Trusted Certificates store.We are running version 2.6.0.156.
Am I missing something?

Dustin Anderson · ‎01-14-2026

Without seeing certs not exactly sure, but at our org they recently updated the sub cert, so make sure if they have updated the sub or rootCA cert you import those.

View solution in original post

Dustin Anderson · ‎01-14-2026

Without seeing certs not exactly sure, but at our org they recently updated the sub cert, so make sure if they have updated the sub or rootCA cert you import those.

CARGO · ‎01-14-2026

Yes, you are right — the issuing CA was updated and I wasn’t aware of it.
Thank you very much.

Dustin Anderson · ‎01-14-2026

Glad it worked, now the other fun is do devices have the new cert. We ran into devices not trusting ISE for auth since it was now signed with the new cert authority it didn't trust. Just something to watch for if devices stop 802.1x.