12-20-2019 02:40 PM
Hi,
When I try to Bind ISE cert after receiving response from CA server I get the following error.
"Certificate for Admin or POrtal use must contain server authentication in the Extended Key Usage (EKU) certificate."
Any idea?
Also When I attempt to authc a win10 with Anyconnect it fail with the following error on ISE:
Client rejected ISE local cert. or something like that.
1- Both client and ISE trust the AD CA
2- Both ISE and client got their certs from the AD CA
Any idea?
Solved! Go to Solution.
12-20-2019 03:07 PM
You need to have the CA administrator modify the certificate template to use one that allows for Server Authentication when issuing the ISE Admin certificate. Typically a Web Server template will have the same usages as what ISE needs. That may also cause the client to reject the certificate from ISE as well.
12-24-2019 06:00 AM
That was it! The CA server had all sorts of issues but once that was fixed we were able to create a duplicate web server template.
Thanks!
12-20-2019 03:07 PM
You need to have the CA administrator modify the certificate template to use one that allows for Server Authentication when issuing the ISE Admin certificate. Typically a Web Server template will have the same usages as what ISE needs. That may also cause the client to reject the certificate from ISE as well.
12-24-2019 06:00 AM
That was it! The CA server had all sorts of issues but once that was fixed we were able to create a duplicate web server template.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide