07-30-2012 01:22 PM - edited 03-10-2019 07:21 PM
When I generate a cert and use THAWT tiral version to try out the cert, the request as I copy - paste it says:
The CSR must include an Organization Name.
I am using ISE 1.1.1
Solved! Go to Solution.
07-30-2012 01:30 PM
Hi,
Please use this guide to generate the csr, i could not view the link that you posted above. Do you have a screenshot of the error, also a screenshot of the csr details?
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_cert.html#wp1077292
Thanks,
Tarik Admani
*Please rate helpful posts*
07-30-2012 02:08 PM
Not a problem,
what you will do is save the files according. One file you can save as certificate.cer, and the other root certificate as root.cer
You will upload the root certificate first in the CA store and then upload the certificate.cer in the local certificate store. Let me know if you need help with that.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-30-2012 01:30 PM
Hi,
Please use this guide to generate the csr, i could not view the link that you posted above. Do you have a screenshot of the error, also a screenshot of the csr details?
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_cert.html#wp1077292
Thanks,
Tarik Admani
*Please rate helpful posts*
07-30-2012 01:39 PM
I was actually reading it before you posted, i am thankful for your help and I apologize for my ignorance of not reading it before I asked ( that's not me at all lol)
yes I have generated a self signing request and they emailed me two files:
Thawte Test CA Root certificate:
Thawte Trial Secure Server Intermediate CA:
they emailed these two files, actually it's a separate text.
07-30-2012 01:40 PM
I am actually trying to set it up with trial cert.
google: thawte trial ssl cert
they offer 21 day trial but I am going to digg a bit more to see whats goin on, can't seem to make it work.
if you have time it'd be nice if you could install it and post the solution.
If i figure it out i'll post the solution.
thanks alot
07-30-2012 02:08 PM
Not a problem,
what you will do is save the files according. One file you can save as certificate.cer, and the other root certificate as root.cer
You will upload the root certificate first in the CA store and then upload the certificate.cer in the local certificate store. Let me know if you need help with that.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-30-2012 02:26 PM
Thank you for your help once again, I think i will have to digg in.
Anyway as I was readying the documentation for CISCO ISE on page 382 of document: ise_ug1.1.1.pdf
The bolded word down there should be Certificate Store maybe?
Not sure if it's a typo.
" Adding a Certificate Authority Certificate
Note Before you add a certificate authority certificate, ensure that the certificate authority certificate resides
on the file system that is running the client browser.
Prerequisite:
Every ISE administrator account is assigned one or more administrative roles. To perform the operations
described in the following procedure, you must have the Super Admin or System Admin role assigned.
See Cisco ISE Admin Group Roles and Responsibilities for more information on the various
administrative roles and the privileges associated with each of them.
To add a certificate authority certificate, complete the following steps:
Step 1 Choose Administration > System > Certificates.
Step 2 From the Certificate Operations navigation pane on the left, click Certificate Authority Certificates.
The Certificate Authority Certificates page appears.
Step 3 Click Add.
The Import a new Trusted CA (Certificate Authority) Certificate page appears as shown in Figure 13-10 """
07-30-2012 02:32 PM
That is correct for the root certificate, my wording wasnt exact but that is correct.
For the local certificate you can use these steps - http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_cert.html#wp1103485
Tarik Admani
*Please rate helpful posts*
01-05-2014 09:07 PM
Hi all,
I generate a cert and use THAWT tiral version,I received the certificate as trial SSL certificate ,Trial Secure Server Intermediate CA and Test CA Root certificate which is totally three my problem now I am very new in certificate concept and I don’t know how to move forward:
shall I do construct it as following details :
{Trial SSL certificate, followed by trial intermediate and followed by trial test root} and then save it in one file with .PEM extension
Or I have save each file individually with .pem extension.
Finally how I import this certificate to my ISE 1.2, which one should be to import to local certificates and which one to Certificate Store ?
Thanks
01-05-2014 10:37 PM
Method one is correct. You will need to bind and not import if you generated the certificate signing request on the ise server.
Sent from Cisco Technical Support Android App
01-05-2014 10:55 PM
thanks Tarik,
should i do any things in Certificate Store?
01-06-2014 07:26 AM
I export that local certificate of the ISE and save it in the trusted store of the Client, but still receive the error “12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate”.
i dont want to uncheck the validate server certificate option from the client network profile.
please advise ?
01-06-2014 08:01 AM
Keep in mind regardless of a public or private certificate most clients will always prompt the user to accept the radius server warning on all initial 802.1x connections. The only device I have seen not present this prompt is the android.
The supplicant will always warn the end user that the identity for network authentication will be passed on to a radius server, the only way to hide this message by choosing to keep the validate server certificate option would be to use a group policy from GPMC on your microsoft environment where the identity is automatically set.
Tarik Admani
*Please rate helpful posts*
01-06-2014 10:02 PM
Still error shown “12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate”. Maybe i need to delete the a default, self-signed certificate after bind the new one?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide