Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
784
Views
0
Helpful
1
Replies

ISE API and Valid Certificates

anthonylofreso
Level 4
Level 4

‎03-25-2019 04:22 AM

Hello all, I'm looking for guidance on proper cert validation for use with the ISE API.

I have valid certificates on all ISE nodes signed by our internal CA, but whenever I'm making API calls, they will only work if I specify -k/--insecure with curl.

Using the -v flag, I see the following error when sending a request:

* NSS error -8102 (SEC_ERROR_INADEQUATE_KEY_USAGE)

curl: (60) Certificate key usage inadequate for attempted operation.

 CN and request url do match. I'm not sure what else would need to be present in my certificate.

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎03-25-2019 05:18 AM

Try the option --cacert. See http://curl.haxx.se/docs/sslcerts.html

You might need to include any intermediate CA certificates.

0 Helpful
Customers Also Viewed These Support Documents