cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3278
Views
0
Helpful
4
Replies

Getting error when generating certificate from Pxgrid Services."Certificate generation failed: Error while reading the certificate CN or SAN: The given Subject is null or CN value is missing"

Gagandeep Singh
Cisco Employee
Cisco Employee

Hi Team,

Running ISE 2.2 patch 3,4 on deployment of 10 nodes.

2 pxgrid

4 PSN

2 MNT

2 ADMIN

Recent change : Promote Secondary as Primary for some reason.

Getting error when generating certificate for Stealth watch from pxgrid services.


"Certificate generation failed: Error while reading the certifi cate CN or SAN: The given Subject is null or CN value is missing"


Saw the same error in ise-psc.log.

Regenerated internal CA certificates. Still didn't work.

Tried in lab and it worked after ISE ROOT CA replace.


Revert the secondary to primary. Just to see if that is causing the issue. Regenerate internal CA but got same error.


Any help would be appreciated.


Regards

Gagan

1 Accepted Solution

Accepted Solutions

RaffyLindogan
Spotlight
Spotlight

Hi mate,

 

The question is a bit vague.

Are you generating the CSR of Stealthwatch?

Or are you generating the CSR for ISE for pxGrid?

Can you confirm on which process is failing?

 

Since these boxes are already running, there should be an existing "Default self-signed certificate".

You can reuse them by enabling pxGrid on the cert.

You can then upload this cert to the SMC under "Certificate Authority Certificates"

 

While on SMC, you should generate the keys and csr via cli.

 


Thanks.

 

Raffy

View solution in original post

4 Replies 4

hslai
Cisco Employee
Cisco Employee

Please analyze the support bundle and ensure all services started ok. If no clue, open an ISE ESC case.

toyip
Cisco Employee
Cisco Employee

Similar situation: Trying to generate pxGrid certs from ISE 2.2. I get an error message "Certificate generation failed with Exception: null". Was this ever resolved?

try re-issuing ISE CA Certificates ( that means Regenerating ISE Root CA from

Administration > Certificates > Certificate Signing Requests > Generate a CSR

> Generate ISE Root CA )

RaffyLindogan
Spotlight
Spotlight

Hi mate,

 

The question is a bit vague.

Are you generating the CSR of Stealthwatch?

Or are you generating the CSR for ISE for pxGrid?

Can you confirm on which process is failing?

 

Since these boxes are already running, there should be an existing "Default self-signed certificate".

You can reuse them by enabling pxGrid on the cert.

You can then upload this cert to the SMC under "Certificate Authority Certificates"

 

While on SMC, you should generate the keys and csr via cli.

 


Thanks.

 

Raffy