Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2565
Views
5
Helpful
3
Replies

Please help Install a 3rd party CA Certificate in ISE

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎06-04-2020 07:56 AM - edited ‎04-21-2021 08:29 PM

I requested a CSR created by ISE to a 3rd party and was issued a certificate.


The 3rd party sent the following certificates.

cert.png

 

I am going in the same way as the link below.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/200295-Install-a-3rd-party-CA-certificate-in-IS.html

 

First, RootCA.crt was installed in Trusted Certificates.

 

What certificate should be Bind in CSR afterwards??

 

Can you tell me in detail about my next staff??

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-04-2020 09:01 PM

Hi

Based on the name, the bundle crt file is the full chain to import in trusted store. Then the pem file is the one to bind to your ise csr.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-04-2020 09:01 PM

Hi

Based on the name, the bundle crt file is the full chain to import in trusted store. Then the pem file is the one to bind to your ise csr.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Francesco Molino

‎06-08-2020 02:35 AM - edited ‎06-08-2020 02:37 AM

Thank you for answer.

I will try the pem file to CSR bind.

Please advise what items should be checked in the checkbox

My purpose is to prevent the Untrutsted Server message from popping up when using Anyconnect Posture.

For reference, ASA has a certificate installed.

Please check attach the files

Preview file
13 KB
Preview file
17 KB
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to JustTakeTheFirstStep

‎06-09-2020 06:23 PM

Hi

I’m not sure i understand. You’re showing a capture for ise certificate import and the other is a non trusted message from anyconnect.

Is it when you are trying to download the posture module?
Your anyconnect tries to connect using an ip. If you want to user a trusted certificate from your ise portals, you should configure your authorization profile to return a fqdn that will match what is in your san certificate or within the same domain if your using a wildcard.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents