04-16-2013
03:53 AM
- last edited on
03-25-2019
05:30 PM
by
ciscomoderator
I am trying to export certs for backup on a distributed ISE deployment.On every box of every type of node when I attempt a backup with or without the private key, nothing happens, but the GUI stops. After checking the "sh app status ise" on the CLI I notice that it now says "ISE Application Server process is not running." After a few minutes the process starts again by itself and the GUI starts working by I dont recive any cert export.
Anybody got any ideas?
thanks
Nick
04-16-2013 07:07 AM
Hi,
What version of ISE is your deployment currently at?
Thanks,
Tarik Admani
*Please rate helpful posts*
05-14-2013 01:40 AM
Hi ,
I have the same issue. I'm running 1.1.0.665 without any patches.
We would like to export the certificates before we hit the upgrade process.
Best Regards,
Jan-Willem Molenaar
05-14-2013 06:01 AM
I tried this on two different version of ISE in a stand alone mode but I couldn't repoduce this issue.
Version : 1.1.1.268
Version : 1.0.4.573
Have you tried the same thing on any stand alone box?
Jatin Katyal
- Do rate helpful posts -
05-16-2013 12:26 AM
Hi Jatin,
I've a stand alone node in the LAB running 1.1.2.145 where I can export the certificates succesfully.
Since the upgrade of a spilt deployment requires a deregister of the ISE nodes I'll try to export the certificates as soon as they are running as a stand alone node.
I'll keep you updated.
Jan-Willem Molenaar
05-16-2013 01:16 AM
No worries. I've seen this issue few times only when we have ISE in deployment.
Jatin Katyal
- Do rate helpful posts -
05-18-2013 10:11 AM
Hi Jatin,
I did an upgrade of a distributed deployment today. After a deregister of the first admin/monitoring node I was able to export the certificate including the keys for this machine. Hower this didn't work for the PSN nodes in standalone mode. Also after the upgrade to version 1.1.4 - patch 1, trying to export the identity certificate with the keys included causes a stop/start of the ISE application. It doesn't matter if the units are in standalone mode or added to the deployment. The only difference is that the PSN nodes run as a VM wereas the pap/mnt nodes are 3395 appliances.
Sent from Cisco Technical Support iPhone App
05-15-2013 10:10 PM
Hello,
I went through your query and found the below link which would help to solve your query:-
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_cert.html
05-16-2013 12:27 AM
Hi Harvinder,
Thanks for your support.
I went through this document before and follow the procedure, which work on other deployments but not for this one
05-19-2013 08:08 PM
Hi,
Can you try to run the command "show logging system tail" (you might have to run through the interactive prompts to get this right). This should show why the application is restarting. Your best bet might be to open a TAC case, I recently exported certs from a customer box (1.1.2 patch 2) and I didnt experience the issues.
Also what key length are you certs and were they imported as pem or der format?
Thanks,
Tarik Admani
*Please rate helpful posts*
10-02-2013 12:24 AM
Hi,
I had this problem to, in a standalone ISE running 1.1.4 patch 6. I was able to export the selfsigned certificate but not the ones imported form an external CA. As happens with yours when I tried to export it the GUI restarted its self.
I oppened a TAC case and it was open for 2 months. At the end they detected a bug when tried to export the certificate, and a problem with the certificate conversion with the openssl
10-02-2013 02:56 AM
Yeah, we finally filed a defect on this.
CSCuh37674 ISE application server reloads while exporting EAP certificate
Symptom:
ISE engine reloads when trying to export EAP certificate.
Conditions:
First seen on ISE 1.1.4 patch 1.
Workaround:
N/A
~BR
Jatin Katyal
**Do rate helpful posts**
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide