Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
2
Helpful
8
Replies

unable to change "usage" of a certificate

Go to solution
fabioairoldi
Level 1
Level 1

‎01-29-2024 03:12 AM

Hello all,

I imported a third-party signed certificate to be used as a Guest Portal certificate in my cisco ISE 3.2.

The trust chain is correctly imported under "Trusted Certificates". However in Aministration/System/Certificates/Certificate Management/System Certificates, when I go to edit the newly imported certificate, i see the boxes for possible usage (Portal, ISE Messaging Server, SAML, etc...) greyed out and I am unable to interact.

 

I might add that the same certificate has been imported successfully and is in use on a variety of different appliances, so I don't think there's a an issue with the cert itself.

 

Any one can suggest some troubleshooting steps?

 

Thanks

F.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎01-29-2024 07:06 AM

Could you please assign the messaging service usage to another certificate (you can create a new self-signed one for that if you want) and then try to assign the portal in the real cert?

View solution in original post

8 Replies 8

Go to solution
Aref Alsouqi
VIP
VIP

‎01-29-2024 03:25 AM

Did you generate the CSR from ISE? if so, what usage did you select when you generated it? if not, what usage did you select when you imported the certificate first time?

0 Helpful

Go to solution
fabioairoldi
Level 1
Level 1
In response to Aref Alsouqi

‎01-29-2024 03:37 AM

the certificate was generated by an external authority and consequently imported. I will refer to this as the "real" cert.

I selected "ISE Messaging Services" and "Portal" for usage at the time of upload.

Then to troubleshoot a different issue I edited the default self-signed certificate usage, using it for "Portal" (in this way I removed the "Portal" usage from the real cert I wanted to use).

Now I find myself unable to revert back to using the real cert for Usage --> Portal.

Hope this answers

thanks

F.

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to fabioairoldi

‎01-29-2024 04:33 AM

It did, thanks. What usage do you currently see on the real cert?

0 Helpful

Go to solution
fabioairoldi
Level 1
Level 1
In response to Aref Alsouqi

‎01-29-2024 05:33 AM

Just the ISE Messaging Service (which incidentally is not in use yet so it can be modified with no issues).

If I hover over any of the checkboxes I see the cursor turn into a "forbidden" sign and am unable to click.screnshot-ise2.png

I already tried restarting the ISE service and changing browser, fearing it could be just a GUI bug. It seems not to be the case.

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎01-29-2024 07:06 AM

Could you please assign the messaging service usage to another certificate (you can create a new self-signed one for that if you want) and then try to assign the portal in the real cert?

Go to solution
fabioairoldi
Level 1
Level 1

‎01-29-2024 07:12 AM

Mmm... I now notice that I can't assign the usage of "ISE messaging service" to any other certificate, be it a new self-signed one or old, not used ones. If I edit the usage of another cert, such as a newly created one, I can select every other usage but not "ISE messaging Service"

0 Helpful

Go to solution
fabioairoldi
Level 1
Level 1

‎01-29-2024 07:21 AM

DIT - I apologize, I was able to switch the usage for ISE messaging service to another sllef-signed cert and i now can use the real cert for portal usage.

 

many thanks for the help!

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎01-29-2024 07:37 AM

You're welcome.

0 Helpful
Customers Also Viewed These Support Documents