11-19-2019 12:52 PM
I am trying to create PXGrid certificates with Cisco ISE and I am getting an error.
Certificate generation failed: Not able to build the ISE CA chain to the root. Chain size: 2: INTERNAL_SERVER_ERROR
Can someone help me with this?
Solved! Go to Solution.
11-20-2019 01:50 AM
Hi @Richard Lucht ,
Can you please try to rebuild the internal CA on the ISE and see if this resolves the issue?
Regenerate Internal CA of the ISE: Administration > System > Certificates > Certificate Signing Request > Generate CSR > ISE Root CA
11-19-2019 01:29 PM
What version and patch is installed?
11-19-2019 02:05 PM
Version 2.4.0.357 patch 6
11-20-2019 01:50 AM
Hi @Richard Lucht ,
Can you please try to rebuild the internal CA on the ISE and see if this resolves the issue?
Regenerate Internal CA of the ISE: Administration > System > Certificates > Certificate Signing Request > Generate CSR > ISE Root CA
06-17-2023 07:18 PM
After weeks of struggling with this issue.
I ended up generating a new Root CA and DNAc could join successfully. At some point I blamed a bug. Running ISE 3.1 and DNA Version 2.2.3.6.
I could have broken the certchains on ISE when doing an upgrade and when I recovered admin password.
Checked my radius clients,, they were not affected by regeneration of new Root CA.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: