
ISE 2.2 Issue to Bind Signed Certificate

ypomero06
Level 1

Hello,

I am trying to import a signing certificate on my ISE 2.2.

I have generated a Certificate Signing Request and sent it to Comodo CA. I have the CA on the Trusted Certificates tab.

But when I bind the certificate I have this error.

I don't understand what the issue is.

Best regards

8 Replies

hamilton.bill
Level 1

Did you determine what was causing the Certificate path validation error?

ammahend
VIP

You can open the root CA and verify if it has the complete chain.

**rate helpful posts**

-hope this helps-

I confirmed a complete chain on the Root

Import the Root and Intermediate CA Certs into the trusted list of ISE before binding the cert.

Usually, ISE does NOT have all the intermediates in the internal trust cert repository. ONE EXAMPLE is the L1K Intermediate Entrust Cert, so I think the same is happening to you.

If you see some COMODO certs in the ISE trusted cert list, CHECK the serial number against the ones that signed your cert. I am pretty sure you will find they are not the same, at least for the Intermediate, because Root CA Certs are embedded in the software (an example for Apple & Android is the Entrust Root G2, which also applies to the ISE trust cert list).

Hoping this helps

We determined there was an issue in the cert chain and it was corrected.

Just to let you know, I am facing issues with binding an Entrust cert to the portal certificate tag, so the sponsor portal and guest portal are not displayed properly unless you stop/restart the ISE 2.2 services on that specific node (PAN or PSN). Still working with TAC on this.

As general information, the root cause was found. Having duplicated certificate entries in the TRUSTED CERTIFICATE LIST of ISE with the same CN (common name) causes the Internal Server Error and Guest/Sponsor Portals operation error.

Removing one of the duplicated entries was enough.

Rahul Govindan
VIP Alumni

Comodo CA has 1 Root and 4 different Intermediate CA certificates:

https://support.comodo.com/index.php?/Knowledgebase/List/Index/71

Can you check which exact intermediate CA has issued your certificate? I do not recall what Comodo Intermediate certificates ISE has in the 2.2 release by default, but your snapshot seems to point to:

COMODO RSA Organization Validation Secure Server CA (SHA-2)

Comodo RSA Certification Authority (SHA-2)

Check if "COMODO RSA Organization Validation Secure Server CA" issued yours.
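
The checks suggested in the replies above (which intermediate issued the certificate, whether its serial matches the copy in the trusted list, and whether two trusted entries share a name) can be run offline against an inventory of the trusted list. This is an added example, not part of any reply in this thread and not Cisco code; the inventory, the field names and the `build_path` and `duplicate_subjects` helpers are constructed for illustration.

```python
from collections import Counter

# Constructed inventory (placeholders, not real certificates): one entry per
# certificate in the trusted list. Field names are hypothetical.
TRUSTED = [
    {"subject": "Example Root CA", "issuer": "Example Root CA", "serial": "01", "ski": "aa"},
    {"subject": "Example Issuing CA", "issuer": "Example Root CA", "serial": "10", "ski": "b1", "aki": "aa"},
    {"subject": "Example Issuing CA", "issuer": "Example Root CA", "serial": "11", "ski": "b2", "aki": "aa"},
]
# Constructed identity certificate returned by the CA for the CSR.
LEAF = {"subject": "ise.example.test", "issuer": "Example Issuing CA", "aki": "b2"}


def duplicate_subjects(trusted):
    """Return subject names that occur more than once in the trusted list."""
    counts = Counter(c["subject"] for c in trusted)
    return sorted(name for name, n in counts.items() if n > 1)


def build_path(leaf, trusted):
    """Follow issuer links from the leaf up to a self-signed root.

    Returns (path, problem). path is a list of (subject, serial) pairs and
    problem is None when the chain is complete. An issuer must match by name
    and, if the child has an Authority Key Identifier, by key identifier too.
    """
    path, current, seen = [], leaf, set()
    while True:
        named = [c for c in trusted if c["subject"] == current["issuer"]]
        aki = current.get("aki")
        matches = [c for c in named if aki is None or c["ski"] == aki]
        if not matches and named:
            serials = ", ".join(c["serial"] for c in named)
            return path, f"{current['issuer']}: name matches (serial {serials}) but key does not"
        if not matches:
            return path, f"{current['issuer']}: not in the trusted list"
        issuer = matches[0]
        key = (issuer["subject"], issuer["serial"])
        if key in seen:
            return path, f"{issuer['subject']}: issuer loop"
        seen.add(key)
        path.append(key)
        if issuer["subject"] == issuer["issuer"]:
            return path, None  # reached a self-signed root
        current = issuer


if __name__ == "__main__":
    print("duplicates:", duplicate_subjects(TRUSTED))
    print("path:", build_path(LEAF, TRUSTED))
```
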