12-10-2018 05:51 PM
Hi,
I'm running version 2.2 patch 9 and I'm hitting an error when I attempt to renew the system cert. The cert is a 3rd party signed wildcard. The current one expires on 12/22/18, and the new one I have was valid as of 10/22/18. The bug causes ISE to throw an error stating that there is already a cert with the same subject name but a different serial number.
The bug report says that it has been 'fixed' but does not list a working version.
The workaround is to remove the old cert and then import the new one. This is not really an option when it is the admin, EAP, and portal cert.
Has anyone figured out how to get past this issue?
Thanks,
Greg
12-10-2018 06:21 PM
You can try to get the cert re-issued with a different Subject Common Name. The Subject Common Name is pretty much pointless these days. Web sites don't use it if the SAN has a DNS entry that matches the FQDN. And for EAP it's not used.
Might be an option.
12-10-2018 06:50 PM
I've also found that you can just change a single character in the subject fields. It seems ISE doesn't care if the CN is the same.
Change any part of organization, location, state, or country.
12-11-2018 01:22 AM
The fix for the bug mentioned above is not to allow two certificates with the same subject name; instead, replace the old cert with the new cert. This is why you see it marked as fixed.
What you can do, as @Damien Miller mentioned, is change any field in the subject (CN, OU, C, O, L, ST) by as little as a single letter and get a certificate. This would mean that you would have a certificate with a different subject name, and you should be able to install the certificate without any problem.
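A pre-import check for the condition discussed in this thread, added here as an example and not posted by any participant: it uses `openssl` to compare the subject DN and serial of the installed and renewed certificates and reports whether they would collide. It assumes, per the thread's description, that the rejection is triggered by an identical full subject DN with a different serial; the file names, subjects and serials are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): predict the
# "same subject, different serial" rejection before importing.

# Subject DN on one line in RFC 2253 form, so two certs compare as strings.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Serial number as hex.
cert_serial() {
  openssl x509 -in "$1" -noout -serial | cut -d= -f2
}

# Prints one of: collision | identical | ok
compare_certs() {
  if [ "$(cert_subject "$1")" != "$(cert_subject "$2")" ]; then
    echo ok            # subject differs: treated as a separate certificate
  elif [ "$(cert_serial "$1")" = "$(cert_serial "$2")" ]; then
    echo identical     # same certificate file content-wise
  else
    echo collision     # same subject, different serial
  fi
}

# Constructed sample input: throwaway self-signed cert.
# $1 = output file, $2 = subject, $3 = serial
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$2" \
    -set_serial "$3" -keyout "$1.key" -out "$1" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d)
  make_cert "$d/old.pem"     "/C=US/ST=Ohio/O=Example Inc/CN=*.example.com"  1001
  make_cert "$d/renewed.pem" "/C=US/ST=Ohio/O=Example Inc/CN=*.example.com"  1002
  make_cert "$d/changed.pem" "/C=US/ST=Ohio/O=Example Inc./CN=*.example.com" 1003
  echo "renewed, same subject: $(compare_certs "$d/old.pem" "$d/renewed.pem")"
  echo "renewed, O changed:    $(compare_certs "$d/old.pem" "$d/changed.pem")"
  rm -rf "$d"
}
demo
```

Against real files, run `compare_certs current.pem renewed.pem` (placeholder names) on PEM exports of the two certificates.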