Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
1
Replies

ISE EST Service running?

gaigl
Level 3
Level 3

‎04-20-2023 01:17 AM - edited ‎04-20-2023 01:30 AM

Hello,

we want to use EST, the Services are showing up and running, but if we test on a client for /cacerts, the client connects on https://hostname.domain:8084 and I get an Error 404:

 

wget --no-check-certificate -S --no-cache -v https://sv000400.bvk.int:8084/cacerts
--2023-04-20 08:30:48--  https://sv000400.bvk.int:8084/cacerts
Auflösen des Hostnamens sv000400.bvk.int (sv000400.bvk.int)… 172.27.199.53
Verbindungsaufbau zu sv000400.bvk.int (sv000400.bvk.int)|172.27.199.53|:8084 … verbunden.
WARNUNG: Das Zertifikat von sv000400.bvk.int kann nicht geprüft werden, ausgestellt von »CN=Certificate Services Endpoint Sub CA - sv000400«:.
  Ein selbst-signiertes Zertifikat wurde gefunden.
HTTP-Anforderung gesendet, auf Antwort wird gewartet …
  HTTP/1.1 404 Not Found
  Content-Length: 59
  Connection: close
2023-04-20 08:30:48 FEHLER 404: Not Found

 

could you give me any hint, where to look?

I just found this doc:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-30/217161-ca-service-and-est-service-on-ise.html#toc-hId-1828174756

thanks

Karl

edit: Version 3.1 P6

0 Helpful
1 Reply 1

gaigl
Level 3
Level 3

‎04-20-2023 04:27 AM

ok, found out the URI is /.well-known/est/cacerts

but how do I define or choose the Realm?

HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Basic realm="estrealm"
 
HTTP/1.1 401 Unauthorized
Content-Length: 72
Connection: close
0 Helpful
Customers Also Viewed These Support Documents