
Import EAP-cert in Cisco ISE 3.3

trondaker
Level 3

Hi,

Getting a weird error in ISE 3.3 when importing the signed cert from our old deployment that we use for EAP. The import worked fine on the first node, but the cert did not show up on the other nodes (signed cert for guest automatically imported to all nodes). When I try to import for node 2, I get the following error:

ISE cannot import a local certificate with the same Issuer CN and serial number as an existing certificate, yet the Issuers of the two certificates differ.

This is exactly the same cert that worked on node 1, so why does it say that the Issuers differ?

1 Reply

Arne Bier
VIP

That does sound odd. The same EAP System Cert should be importable on multiple nodes, from what I recall. I tend to create a unique cert per node, and ensure there is no wildcard either in the Subject or SAN.

Usually ISE is quite reliable with regard to cert management. Have you examined the certs with openssl and looked closely at the Serial number and Issuer details? Perhaps there is a clash:

openssl x509 -in <certname.pem> -text
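
Added example, not part of the thread or of Cisco's tooling: a shell helper that compares the certificate being imported against one exported from the failing node and reports the condition the error message words (same Issuer CN and serial, different full Issuer DN). The function names and sample values are hypothetical, and the comparison follows the error text, not ISE's internal logic.

```shell
#!/bin/sh
# Added example: compare two PEM certificates for the clash named in the ISE error.

# Print one field of a certificate. $1 = PEM file, $2 = -issuer or -serial
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "$2" | sed 's/^[^=]*= *//'
}

# Extract the CN value from an RFC 2253 DN string
# (assumes the CN contains no escaped commas).
dn_cn() {
    printf '%s\n' "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# $1/$2 = issuer DN and serial of cert A, $3/$4 = the same for cert B.
# Prints: distinct | identical | clash
classify_clash() {
    s1=$(printf '%s' "$2" | tr 'a-f' 'A-F')   # hex serials compared case-insensitively
    s2=$(printf '%s' "$4" | tr 'a-f' 'A-F')
    if [ "$s1" != "$s2" ] || [ "$(dn_cn "$1")" != "$(dn_cn "$3")" ]; then
        echo distinct     # serial or issuer CN differs: no conflict
    elif [ "$1" = "$3" ]; then
        echo identical    # same full issuer DN and serial
    else
        echo clash        # same issuer CN + serial, but issuer DNs differ
    fi
}

# Compare two PEM files, e.g. the cert to import and one exported from node 2.
compare_certs() {
    classify_clash "$(cert_field "$1" -issuer)" "$(cert_field "$1" -serial)" \
                   "$(cert_field "$2" -issuer)" "$(cert_field "$2" -serial)"
}

# Constructed sample values (not taken from the thread): prints "clash"
classify_clash 'CN=Example Issuing CA,O=Example Corp,C=NO' '4F00000012' \
               'CN=Example Issuing CA,O=Example Lab,C=NO'  '4f00000012'
```

Run `compare_certs new-eap.pem existing.pem` once per certificate exported from the node that rejects the import; a `clash` result points at the existing certificate to inspect.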