Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3278
Views
0
Helpful
4
Replies

Getting error when generating certificate from Pxgrid Services."Certificate generation failed: Error while reading the certificate CN or SAN: The given Subject is null or CN value is missing"

Go to solution
Gagandeep Singh
Cisco Employee
Cisco Employee

‎01-09-2018 03:49 PM

Hi Team,

Running ISE 2.2 patch 3,4 on deployment of 10 nodes.

2 pxgrid

4 PSN

2 MNT

2 ADMIN

Recent change : Promote Secondary as Primary for some reason.

Getting error when generating certificate for Stealth watch from pxgrid services.


"Certificate generation failed: Error while reading the certifi cate CN or SAN: The given Subject is null or CN value is missing"


Saw the same error in ise-psc.log.

Regenerated internal CA certificates. Still didn't work.

Tried in lab and it worked after ISE ROOT CA replace.


Revert the secondary to primary. Just to see if that is causing the issue. Regenerate internal CA but got same error.


Any help would be appreciated.


Regards

Gagan

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RaffyLindogan
Spotlight
Spotlight

‎09-03-2019 06:45 PM

Hi mate,

 

The question is a bit vague.

Are you generating the CSR of Stealthwatch?

Or are you generating the CSR for ISE for pxGrid?

Can you confirm on which process is failing?

 

Since these boxes are already running, there should be an existing "Default self-signed certificate".

You can reuse them by enabling pxGrid on the cert.

You can then upload this cert to the SMC under "Certificate Authority Certificates"

 

While on SMC, you should generate the keys and csr via cli.

 


Thanks.

 

Raffy

View solution in original post

0 Helpful
4 Replies 4

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-09-2018 07:59 PM

Please analyze the support bundle and ensure all services started ok. If no clue, open an ISE ESC case.

0 Helpful

Go to solution
toyip
Cisco Employee
Cisco Employee

‎09-03-2019 02:30 PM - edited ‎09-03-2019 02:31 PM

Similar situation: Trying to generate pxGrid certs from ISE 2.2. I get an error message "Certificate generation failed with Exception: null". Was this ever resolved?

0 Helpful

Go to solution
Gagandeep Singh
Cisco Employee
Cisco Employee
In response to toyip

‎09-03-2019 02:38 PM

try re-issuing ISE CA Certificates ( that means Regenerating ISE Root CA from

Administration > Certificates > Certificate Signing Requests > Generate a CSR

> Generate ISE Root CA )

0 Helpful

Go to solution
RaffyLindogan
Spotlight
Spotlight

‎09-03-2019 06:45 PM

Hi mate,

 

The question is a bit vague.

Are you generating the CSR of Stealthwatch?

Or are you generating the CSR for ISE for pxGrid?

Can you confirm on which process is failing?

 

Since these boxes are already running, there should be an existing "Default self-signed certificate".

You can reuse them by enabling pxGrid on the cert.

You can then upload this cert to the SMC under "Certificate Authority Certificates"

 

While on SMC, you should generate the keys and csr via cli.

 


Thanks.

 

Raffy

0 Helpful
Customers Also Viewed These Support Documents