08-14-2012 09:13 PM - edited 03-10-2019 07:25 PM
I want to use 802.1x EAP-TLS protocol authenticate client,then requested web server certificate from Microsoft 2003 CA server and saved it to my PC, when I open local Certificates>Import Server page in ISE , there is "Private Key File" item,but I don't know how generate this file.
In addition,after I Submit,ISE prompt "Unable to read certificate file - please be sure file is in PEM or DER format".
Anyone tell me how procedure I do,truly grateful.
Solved! Go to Solution.
01-26-2018 10:31 AM
I found the answer -- after you generate a CSR request you need to load the certificate on the "Certificate Signing Requests" page (by selecting Bind Certificate) rather than trying to import it as a new certificate on the "System Certificates" page.
Cisco could make this more intuitive.....
08-14-2012 09:18 PM
Hi,
If you generated the CSR on the ISE node locally, you are choosing the wrong option. Please use the "Bind CA Signed Certificate" option instead. The private key is generated already when you created the CSR on the ISE.
As far as your 2nd question what are you doing to get this error? Are you generating a bogus private key file and trying to import this?
Thanks,
Tarik Admani
*Please rate helpful posts*
07-18-2013 02:24 AM
Steps for configuring certificate in ISE
Step 1 :Download the CA’s certificate
Step 2 :Trust the CA in ISE a. In ISE, go to Administration > System > Certificates > Certificates Authority Certificates
b. Add the CA certificate as a trusted certificate
Step 3: Create a certificate signing request (CSR)
Go to Administration > System > Certificates > Local Certificates, and click Add
b. Generate a certificate signing request
c. Export the CSR from Administration > System > Certificates > Certificate Signing Requests
d. Once saved, open the .PEM file with notepad and copy the entire contents to the clipboard.
Step 4: Submit the CSR to the CA for signing
Step 5: Bind the certificate to the signing request
a. In ISE, go to Administration > System > Certificates > Local Certificates and add the certificate by binding the certificate.
Step 6 :Confirm that the new ISE certificate is being used
a. Log out of ISE and close all browser windows
b. Reopen the browser and go to the ISE login page. Confirm that the browser is securing the https session using the new ISE certificate.
01-26-2018 10:20 AM - edited 01-26-2018 10:26 AM
Can you clarify what you mean by, "Step 5: Bind the certificate to the signing request"? Note I am using ISE 2.3.
01-26-2018 10:31 AM
I found the answer -- after you generate a CSR request you need to load the certificate on the "Certificate Signing Requests" page (by selecting Bind Certificate) rather than trying to import it as a new certificate on the "System Certificates" page.
Cisco could make this more intuitive.....
01-01-2020 03:45 AM
good.
when I`m trying to do Step 5: Bind the certificate to the signing request.
this error appear " Certificate path validation failed. make sure required Certificate chain is imported under Trusted Certificates "
01-01-2020 07:54 PM
07-08-2023 04:03 PM - edited 07-08-2023 04:06 PM
My friend,
How can do it: Step 4: Submit the CSR to the CA for signing?
I am using 2.7 version ISE.
07-09-2023 03:03 PM
See the information and examples provided in How To Implement Digital Certificates in ISE.
If there is something additional you are having trouble with, please provide more detail on what help you require.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide