10-25-2017 12:55 PM
Hello all. I am attempting to add ISE 2.3 into our test environment and use it as the internal CA. We currently are using a Windows CA successfully but would like to transition away from it. We are using devices that cannot go through the onboarding process and must use the Certificate Provisioning Portal and CSRs. When we attempt to create certificates from the CSR we are receiving a general error "CA Server Error" with no other explanation. I have looked into the logs, and see the request and then errors like "getNADAddress: radiusSessionId is not found. Probably a test URL." and "interface bond0 is selected, but eth0 and eth1 are not bonded together as interface bond0, so the portal cannot listen on this interface. Since eth0 and/or eth1 are also selected for this portal, the physical interface(s) will be used instead. " The only thing that I see related directly to the request is "san=<User Name>, cn=, description=, certOperation=SINGLE_CERT_REQ_WITH_CSR, templateName=EAP_Authentication_Certificate_Template, downloadFormat=PKCS8" where the CN is blank, though looking at the CSR with OpenSSL we see the CN listed.
Any pointers to find what the "CA Server Error" is, or how-to guides for the Certificate Provisioning, would be appreciated.
10-25-2017 07:16 PM
If it is working without a CSR, then some fields on your CSR might not be compatible.
I would suggest engaging Cisco TAC. Or, provide us a copy of a sample CSR that is giving you such errors.