OCSP certificate Chain

craiglebutt
Level 6

Hi

Have 6 nodes, 2 PAN and 4 PSN. The OCSP certificate has an issue with the chain on the first responder, in this case call it PAN2.

PAN2's chain is incomplete.

I'm guessing that the other nodes OCSP Responder looks at the first PAN but their certificates don't match.

5 of the nodes have the same chain.

So when trying to onboard it doesn't work.

Have logged a call with TAC, over a week ago, but they are making me swear.

Not sure how to fix this.

Cheers


Cristian Matei
VIP Alumni

Hi,

@craiglebutt Can you confirm that the OCSP Client Profile and Certificate Status Validation steps have been properly configured? Use the following document as a guide.

Within the same document, you'll find instructions on how to enable runtime-aaa debugging and get the outputs from prrt-server.log, as well as how to perform a packet capture. Post the logs and packet capture; this would help to identify the root cause. Ensure debug logging is enabled only for a limited time window, as it has an impact on ISE performance:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/222150-configure-eap-tls-authentication-with-oc.html

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/212594-debugs-to-troubleshoot-on-ise.html

Thanks,

Cristian.
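As an added example (not from this thread and not Cisco ISE code), the following Python script compares the OCSP responder certificate chains exported from each node and reports the node whose chain differs from the majority, together with the certificates it lacks; this is the 5-vs-1 situation described in the question. Node names and PEM contents are constructed, so they are stand-ins for real exported chains.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def chain_fingerprints(pem_text):
    """SHA-256 (first 16 hex chars) of every certificate block, in bundle order."""
    fps = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        fps.append(hashlib.sha256(der).hexdigest()[:16])
    return fps


def find_outliers(chains_by_node):
    """Group nodes by the exact chain they present and report every node whose
    chain differs from the majority, listing the certificates it is missing."""
    groups = {}
    for node, pem in chains_by_node.items():
        groups.setdefault(tuple(chain_fingerprints(pem)), []).append(node)
    majority = max(groups, key=lambda chain: len(groups[chain]))
    report = {}
    for chain, nodes in groups.items():
        if chain == majority:
            continue
        missing = [fp for fp in majority if fp not in chain]
        for node in nodes:
            report[node] = {"chain_len": len(chain), "missing": missing}
    return report


def fake_pem(label):
    """Constructed stand-in for a certificate: PEM framing around arbitrary
    bytes, enough for fingerprinting; not a parseable X.509 certificate."""
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample: five nodes present responder + sub CA + root, PAN2 omits the root.
FULL = fake_pem("ocsp-responder") + fake_pem("sub-ca") + fake_pem("root-ca")
NODE_CHAINS = {n: FULL for n in ("PAN1", "PSN1", "PSN2", "PSN3", "PSN4")}
NODE_CHAINS["PAN2"] = fake_pem("ocsp-responder") + fake_pem("sub-ca")

if __name__ == "__main__":
    for node, info in find_outliers(NODE_CHAINS).items():
        print(f"{node}: {info['chain_len']} cert(s), missing {info['missing']}")
```

With real exports, replace NODE_CHAINS with the PEM bundle each node actually serves; a node reported with a shorter chain is the one to fix before retrying onboarding.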