Re: Error: Private Key File is required while import CA certificate on

Da ICS16 · ‎04-30-2024

Dear Community,

ISE 3.1 integrate with AD.

ISE certificate is nearly expire so we are testing to perform ISE ssl certificate.

1. We do CSR on ISE

2. Send CSR cert to system team to CA "certificate template and client computer certificate"

3. system team share us the new certificate

We done import on Trust Certificate.

But it is error when import this new cert to "System Certificate" -> message error "Private key File is required".

Please kindly advise and next action to resolve it.

Thanks,

balaji.bandi · ‎04-30-2024

check the below document - you can verify the cert on your PC using notepad or MMC console.

https://community.cisco.com/t5/security-knowledge-base/how-to-implement-digital-certificates-in-ise/ta-p/3630897#toc-hId--1059765442

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html

check some troubleshooting tips - verify the cert - if you have openssl on command line tool

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215927-how-to-import-and-export-certificate-fro.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎04-30-2024

@Da ICS16 sounds like you are going to the wrong place, you need to bind the signed certificate.

Navigate Administration > System >Certificates > Certificate Signing Requests, then tick the checkbox on CSR and click Bind Certificate: then select the signed identity certificate.

Refer to the Install certificate section - https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html#toc-hId-18233342

Da ICS16 · ‎05-01-2024

Dear @Rob Ingram ,

After Bind Certificate so no need to import new certificate to "System Certificates"?

It mean no need to import any cert to System Certificates?

Thanks,

Rob Ingram · ‎05-02-2024

@Da ICS16 no, when you bind the certificate you just select the usage, Admin, EAP, Portal etc. The certificate is then configured for use.

Error: Private Key File is required while import CA certificate on ISE