02-18-2023 07:36 AM
Team,
I'm trying to edit my private CA I use for EAP Authentication with my PSNs. For the EAP-TLS, everything works great - policy set validates the SHA-256 (etc.) for certificate handshakes and my endpoints are authenticated to the network. What I am experiencing is a problem with setting the "Certificate Status Validation" section for my imported Trusted Certificate.
As the logged on super admin, I can select any of the Cisco embedded Trusted Certs which are placed as part of the image and define this CRL Processing by selecting the checkbox and hitting Edit within Administration > System > Trusted Certificate - I'm able to edit the Trusted Certificate.
- BUT - for the Trusted Certificates I have placed - by doing a CSR from the PSNs and getting these Trusted Certificates in my PANs - when I hit the checkbox and edit, nothing happens - I cannot edit my placed trusted certificates. Is it the way I imported my certificates in the first place? I use a PKCS7 (with the entire trusted chain) when I imported - system seems to see all my placed certs as good - I just cannot edit enabling the CRL processing.
These placed certificates are only located in my PSNs - perhaps that is the issue?
Thanks for the assist, Chris
03-22-2023 10:39 AM
To be helpful to the community - I found that this was related to using alternate interfaces (other than GE0) as the UI interface. I had the same problem exceeding patch 3 - I reconfigured my cluster to place the UI on the GE0 with the other deployment needs and I was able to both patch to 5 as well as edit my placed trusted certificate.
02-23-2023 12:14 AM
Hi Chris,
PKCS7 certificate files contain the entire certificate chain. Kindly follow the community post below:
Later test and provide the results.
02-23-2023 04:26 AM - edited 02-23-2023 04:27 AM
poongarg,
Thanks for your reply - I don't have an issue with the p7b - I got the issuing CA and root into the trusted certificates section of my ISE 3.1 build - My issue is I cannot "edit" these trusted certificates so that I can define a CRL URL as I could using one of the other embedded trusted certificates Cisco defines as part of a default build (e.g. the Baltimore trusted cert). I'm trying to change my "admin" certificates over to this private PKI so that my PANs are enrolled into that PKI - hopefully allowing me to "edit" them. It's my leading theory at this time. I only had my PSNs for EAP enrolled.