Solved: Re: PXGrid Certificate

Richard Lucht · ‎11-19-2019

I am trying to create PXGrid certificates with Cisco ISE and I am getting an error.

Certificate generation failed: Not able to build the ISE CA chain to the root. Chain size: 2: INTERNAL_SERVER_ERROR

Can someone help me with this?

Anurag Sharma · ‎11-20-2019

Can you please try to rebuild the internal CA on the ISE and see if this resolves the issue?
Regenerate Internal CA of the ISE: Administration > System > Certificates > Certificate Signing Request > Generate CSR > ISE Root CA

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

View solution in original post

jj27 · ‎11-19-2019

What version and patch is installed?

Richard Lucht · ‎11-19-2019

Version 2.4.0.357 patch 6

Anurag Sharma · ‎11-20-2019

Hi @Richard Lucht ,

Can you please try to rebuild the internal CA on the ISE and see if this resolves the issue?
Regenerate Internal CA of the ISE: Administration > System > Certificates > Certificate Signing Request > Generate CSR > ISE Root CA

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Might Ncube · ‎06-17-2023

After weeks of struggling with this issue.

I ended up generating a new Root CA and DNAc could join successfully. At some point I blamed a bug. Running ISE 3.1 and DNA Version 2.2.3.6.

I could have broken the certchains on ISE when doing an upgrade and when I recovered admin password.

Checked my radius clients,, they were not affected by regeneration of new Root CA.

PXGrid Certificate

ISE - O que precisamos saber sobre pxGrid

ISE - What we need to know about pxGrid

How To: Deploying Certificates with pxGrid: CA-signed ISE pxGrid Node and CA-signed pxGrid Client

Cisco pxGrid Cloud

PxGrid Certificate renewal