Hello,
I'm trying to use ISE in version 3.1 as a SCEP server for my Catalyst 9300 switches, to enroll a client certificate from my ISE root CA.
After adding the ISE trustpoint to my switch, it fails when I try to authenticate the server certificate via the following command:
crypto pki authenticate LAB-ISE
The following error is happening:
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0
When I enter the server certificate of ISE manually via trustpoint enrollment terminal, it's working fine. With this I validated that my server certificate is not the issue.
I also tested the same functionality with a Windows Server, which is working without any issues.
My ISE configuration:
My Catalyst configuration:
I was thinking that the ISE is maybe requesting more optional values which can be added to the trustpoint; maybe this is the root cause for my issue. I sadly don't find any information in my switch log or the ISE debug log for CA services.
Does anyone have an idea how to make the SCEP enrollment work with my Catalyst?
Best regards