Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
5
Replies

Invalid Password for Private Key when trying to bind CA signed cert

ITDept5418883
Level 1
Level 1

‎04-30-2024 11:38 AM

Hello,

I created a csr for an expired EAP Authentication cert on my ISE box and received a new cert from my local CA server.  When I try to gind the new cert to the csr I created, I receive a "Certificate/Private Key validation failed" message.  Problem is, the system never asked for a password when the csr was created.  So how do find the password or generate one? 

0 Helpful
5 Replies 5

Rob Ingram
VIP
VIP

‎04-30-2024 11:44 AM

@ITDept5418883 are you attempting to import the certificate?

If you generated the CSR on the ISE node and this has been signed by the CA, you navigate to Administration > System > Certificates > Certificate Signing Requests, then tick the checkbox on CSR and click Bind Certificate

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html#toc-hId--1724576993

 

0 Helpful

ITDept5418883
Level 1
Level 1
In response to Rob Ingram

‎05-01-2024 05:09 AM

Thanks for the reply Rob.  Unfortunately, when I follow the steps in the article you sent, I still get the same error message.

ITDept5418883_0-1714565346175.png

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to ITDept5418883

‎05-01-2024 05:17 AM

@ITDept5418883 was the signed identity certificate issued from the CSR you created on ISE?

I suggest recreating a new CSR from ISE GUI and get that signed by the CA and try again.

0 Helpful

ITDept5418883
Level 1
Level 1
In response to Rob Ingram

‎05-01-2024 06:57 AM

Rob,

We have a local AD integrated CA server that issues certs automatically to all workstations for authentication purposes on the ISE. We also use this CA server for the EAP Auth cert for ISE. I have created a CSR on ISE twice before, received a cert from the server and successfully imported into ISE.  I don't remember having this password issue previously and I would assume I would be prompted to create a password at some point which I'm not.

Sam is my name btw, sorry for the anonymous user name.

 

0 Helpful

Rob Ingram
VIP
VIP
In response to ITDept5418883

‎05-01-2024 07:15 AM

@ITDept5418883 Sam, if the CSR is generated on ISE the private key is stored locally. So as long the internal CA signs that CSR and you import the signed certificate it should work.

Have you attempted to generate a new CSR, get this signed and attempt to bind?

I have checked previous posts for the same error message and in this post the issue was traced back to the signed certificate.

0 Helpful
Customers Also Viewed These Support Documents