03-03-2017 06:51 AM - edited 03-11-2019 12:31 AM
Hello,
I am trying to import a signing certificate on my ISE 2.2.
I have generated a Certificate Signing Request and sent it to Comodo CA. I have the CA on the Trusted Certificates tab.
But when I bind the certificate I have this error.
I don't understand what is the issue.
Best regards
05-31-2017 03:05 PM
Did you determine what was causing the Certificate path validation error?
05-31-2017 07:05 PM
You can open the root CA and verify if it has the complete chain.
**rate helpful posts**
06-01-2017 07:30 AM
I confirmed a complete chain on the Root.
06-06-2017 03:06 PM
Import the Root and Intermediate CA Certs into the trusted list of ISE before binding the cert.
Usually, ISE does NOT have all the intermediates in the internal trust cert repository. ONE EXAMPLE is the L1K Intermediate Entrust Cert, so I think the same is happening to you.
If you see some COMODO certs in the ISE trusted cert list, CHECK the serial number against the ones that signed your cert. I am pretty sure you will find they are not the same, at least for the Intermediate, because Root CA Certs are embedded in the software (an example for Apple & Android is the Entrust Root G2, which also applies to the ISE trust cert list).
Hoping this helps
06-08-2017 09:02 AM
We determined there was an issue in the cert chain and it was corrected.
07-17-2017 10:19 AM
Just to let you know, I am facing issues with binding an Entrust cert to the portal certificate tag, so the sponsor portal and guest portal are not displayed properly unless you stop/restart the ISE 2.2 services on that specific node (PAN or PSN). Still working with TAC on this.
07-26-2017 11:21 AM
As general information, the root cause was found. Having duplicated certificate entries in the TRUSTED CERTIFICATE LIST of ISE with the same CN (common name) causes the Internal Server Error and Guest/Sponsor Portals operation error.
Removing one of the duplicated entries was enough.
06-01-2017 04:51 PM
Comodo CA has 1 Root and 4 different Intermediate CA certificates:
https://support.comodo.com/index.php?/Knowledgebase/List/Index/71
Can you check which exact intermediate CA has issued your certificate? I do not recall what Comodo Intermediate certificates ISE has in the 2.2 release by default, but your snapshot seems to point to:
COMODO RSA Organization Validation Secure Server CA (SHA-2)
Comodo RSA Certification Authority (SHA-2)
Check if "COMODO RSA Organization Validation Secure Server CA" issued yours.
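The checks suggested in this thread (is the issuing intermediate in the trusted list, does its serial number match the one that signed the certificate, are there duplicate entries with the same CN) can be scripted on an admin workstation. The following is an added example, not code from any poster or from Cisco; the certificate names and serials are constructed, and the records are assumed to be copied from `openssl x509 -noout -subject -issuer -serial` output for each PEM file.

```python
from collections import Counter

# Constructed sample data. BUNDLE is the chain the CA delivered (server cert first).
BUNDLE = [
    {"subject": "CN=ise.example.test", "issuer": "CN=Demo Issuing CA", "serial": "0A01"},
    {"subject": "CN=Demo Issuing CA", "issuer": "CN=Demo Root CA", "serial": "2B02"},
    {"subject": "CN=Demo Root CA", "issuer": "CN=Demo Root CA", "serial": "4C03"},
]
# Hypothetical export of the appliance's trusted certificate list.
TRUSTED = [
    {"subject": "CN=Demo Root CA", "serial": "4C03"},
    {"subject": "CN=Demo Issuing CA", "serial": "9F99"},  # same name, other serial
    {"subject": "CN=Demo Issuing CA", "serial": "9F99"},  # duplicate entry
]


def audit(bundle, trusted):
    """Walk issuer names from the server cert up to the self-signed root.

    Returns (findings, duplicates): findings is a list of (CA subject, status),
    duplicates is the sorted list of subjects present more than once in trusted.
    Matching is by name and serial only; signatures are not verified here.
    """
    serials_by_subject = {}
    for entry in trusted:
        serials_by_subject.setdefault(entry["subject"], set()).add(entry["serial"].upper())
    certs = {c["subject"]: c for c in bundle}
    findings, seen, current = [], set(), bundle[0]
    while current["issuer"] != current["subject"] and current["issuer"] not in seen:
        name = current["issuer"]
        seen.add(name)  # guards against a looping bundle
        issuer = certs.get(name)
        if issuer is None:
            findings.append((name, "not in CA bundle"))
            break
        serials = serials_by_subject.get(name)
        if serials is None:
            status = "missing from trusted list"
        elif issuer["serial"].upper() in serials:
            status = "ok"
        else:
            status = "serial mismatch"
        findings.append((name, status))
        current = issuer
    counts = Counter(e["subject"] for e in trusted)
    return findings, sorted(s for s, n in counts.items() if n > 1)


if __name__ == "__main__":
    print(audit(BUNDLE, TRUSTED))
```

A "serial mismatch" or "missing from trusted list" status points at the intermediate to import before binding; any subject in the duplicates list is a candidate for the cleanup described in the 07-26-2017 post.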