Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
628
Views
0
Helpful
3
Replies

Externally-signed CA certificate not being used

Go to solution
eoinwhite123
Level 1
Level 1

‎04-05-2023 02:49 PM

I generated a CSR on ISE 3.2 (standalone) & binded the new externally-signed CA certificate against the CSR to the admin UI.

However the server is still presenting the old self signed certificate when I browse to the admin portal - even after multiple reboots. 

I can see its still using a self singed certificate for "ISE Messaging Service" & SAML. Do I also need to generate separate CSRs for these services before ISE admin portal will present the new externally-signed CA certificate for the admin UI?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sri Harsha Dasari
Spotlight
Spotlight

‎04-07-2023 08:34 AM

While Generating the CSR, Under Usage, did you select Multi-Use or Admin ? Default is Multi-Use

Under System Certificates, do you see the new certificate ? If you see it, Under Used by column, what are the functionalities you see ? If you see Admin, then it will be used for Management Portal.
Also, when you see Certificate Security Warning, did you check on the details to see which certificate is presented ? Sometimes, your browser might not trust public CA you used for ISE certificate.

For ISE messaging Service, better to leave it to use default cert, for SMAL, if you are using the functionality, you can get a separate certificate. However, either of these will not impact your Management portal certificate.

Thanks, Sri.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-05-2023 05:11 PM

what kind of cert do you have SAN or wildcard ?

check below thread may help you :

https://community.cisco.com/t5/network-security/where-can-i-go-to-ask-about-certificates-and-ise/td-p/3082946

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Sri Harsha Dasari
Spotlight
Spotlight

‎04-07-2023 08:34 AM

While Generating the CSR, Under Usage, did you select Multi-Use or Admin ? Default is Multi-Use

Under System Certificates, do you see the new certificate ? If you see it, Under Used by column, what are the functionalities you see ? If you see Admin, then it will be used for Management Portal.
Also, when you see Certificate Security Warning, did you check on the details to see which certificate is presented ? Sometimes, your browser might not trust public CA you used for ISE certificate.

For ISE messaging Service, better to leave it to use default cert, for SMAL, if you are using the functionality, you can get a separate certificate. However, either of these will not impact your Management portal certificate.

Thanks, Sri.
0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-08-2023 03:51 PM

Verify you have properly selected the services - specifically the Admin service in your case but I would recommenda ll but SAML - to use the new signed certificate:

image.png

0 Helpful
Customers Also Viewed These Support Documents