Solved: Should ISE certificate ise1.domain.local be imported to hosts?

laurathaqi · ‎11-11-2021

Dear community,

As part of the ISE Posture with AnyConnect, I have imported the Root certificate to all domain hosts via GPO.

However, am still getting a Certificate error of untrusted server, when AnyConnect tries to talk to ISE appliance during posture process. The ISE is signed by the same Root Cert which is imported in the Trusted Authority in the hosts computers. And that certificate is checked to be used for portals also. However, I did not import this certificate in all of the hosts of the domain. And only Root is imported.

So my question is as following:

Should I also import the ISE certificate into this Trusted Authority in order to remove this error?

The guides are quite hard to decipher on this specific information.

Thank you,

Laura

Mike.Cifelli · ‎11-15-2021

Should I also import the ISE certificate into this Trusted Authority in order to remove this error?

-Please also import the intermediate certificate into the respective trust store on the client that is also a part of the chain. Test, and see if your result changes

Out of curiosity, are you using NAM or native supp.?

View solution in original post

Mike.Cifelli · ‎11-15-2021

Should I also import the ISE certificate into this Trusted Authority in order to remove this error?

-Please also import the intermediate certificate into the respective trust store on the client that is also a part of the chain. Test, and see if your result changes

Out of curiosity, are you using NAM or native supp.?

laurathaqi · ‎11-16-2021

Hi @Mike.Cifelli

I imported the ISE Certificate, however, this time, a Self Signed one, an the error went away.

Am using Cisco AnyConnect as an agent in the supplicant hosts.

Thank you,

Laura