Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1609
Views
0
Helpful
3
Replies

Error message when binding the certicate from a third CA

Go to solution
cdmadmin
Level 1
Level 1

‎10-27-2021 08:46 AM

Hello,

 

My first Sectigo RSA Domain Validation Secure Server CA-use certicate wa expired since 7 Aug 2021(System Certificate) and I've generate a self signed certicate. 2 days ago I've requested from a new certicate from the third CA using the existing CSR. I've received from them the certificate and the bundle as well (but note that my SECTIGO_Intermediate and Root are not expired yet, the expirations dates are Dec 2030 and Jan 2038).

After binding the certificate, I get the message below.

 

It's for Cisco ISE.

Please, can you assist me

 

Error message.PNG

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cdmadmin
Level 1
Level 1

‎11-09-2021 08:02 AM

Hello,

 

I've solved my problem. While binding the CA certificate, I did not select any usage and after certificate installation, I just edit it by selecting the usage needed.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎10-27-2021 02:52 PM

As the error states, ISE will not allow creating a CSR or binding a certificate that has the same Subject as another certificate. A common approach is to modify one of the certificate fields so that there is no matching Subject value.

I typically use the OU field in the certificate to indicate the Usage (Admin, EAP, etc) of the certificate to avoid duplicate Subject value issues. When renewing a certificate, I often just modify the same OU field slightly (like adding the Month/Year) to produce a unique Subject value.

I haven't seen anyone using the OU attribute as a matching condition in policies, so it is often easy to change.

0 Helpful

Go to solution
cdmadmin
Level 1
Level 1

‎10-28-2021 06:35 AM

Hello Greg,

 

Thanks for your reply and note that I did the change on the subject ("OU" and "O") three times and get the same message.

One precision, actually I have the "Self Signed Certificate" and I want to replace it by the one signed by CA.

It's not a renew

 

Regards 

0 Helpful

Go to solution
cdmadmin
Level 1
Level 1

‎11-09-2021 08:02 AM

Hello,

 

I've solved my problem. While binding the CA certificate, I did not select any usage and after certificate installation, I just edit it by selecting the usage needed.

0 Helpful
Customers Also Viewed These Support Documents