01-29-2024 03:12 AM
Hello all,
I imported a third-party signed certificate to be used as a Guest Portal certificate in my cisco ISE 3.2.
The trust chain is correctly imported under "Trusted Certificates". However in Aministration/System/Certificates/Certificate Management/System Certificates, when I go to edit the newly imported certificate, i see the boxes for possible usage (Portal, ISE Messaging Server, SAML, etc...) greyed out and I am unable to interact.
I might add that the same certificate has been imported successfully and is in use on a variety of different appliances, so I don't think there's a an issue with the cert itself.
Any one can suggest some troubleshooting steps?
Thanks
F.
Solved! Go to Solution.
01-29-2024 07:06 AM
Could you please assign the messaging service usage to another certificate (you can create a new self-signed one for that if you want) and then try to assign the portal in the real cert?
01-29-2024 03:25 AM
Did you generate the CSR from ISE? if so, what usage did you select when you generated it? if not, what usage did you select when you imported the certificate first time?
01-29-2024 03:37 AM
the certificate was generated by an external authority and consequently imported. I will refer to this as the "real" cert.
I selected "ISE Messaging Services" and "Portal" for usage at the time of upload.
Then to troubleshoot a different issue I edited the default self-signed certificate usage, using it for "Portal" (in this way I removed the "Portal" usage from the real cert I wanted to use).
Now I find myself unable to revert back to using the real cert for Usage --> Portal.
Hope this answers
thanks
F.
01-29-2024 04:33 AM
It did, thanks. What usage do you currently see on the real cert?
01-29-2024 05:33 AM
Just the ISE Messaging Service (which incidentally is not in use yet so it can be modified with no issues).
If I hover over any of the checkboxes I see the cursor turn into a "forbidden" sign and am unable to click.
I already tried restarting the ISE service and changing browser, fearing it could be just a GUI bug. It seems not to be the case.
01-29-2024 07:06 AM
Could you please assign the messaging service usage to another certificate (you can create a new self-signed one for that if you want) and then try to assign the portal in the real cert?
01-29-2024 07:12 AM
Mmm... I now notice that I can't assign the usage of "ISE messaging service" to any other certificate, be it a new self-signed one or old, not used ones. If I edit the usage of another cert, such as a newly created one, I can select every other usage but not "ISE messaging Service"
01-29-2024 07:21 AM
DIT - I apologize, I was able to switch the usage for ISE messaging service to another sllef-signed cert and i now can use the real cert for portal usage.
many thanks for the help!
01-29-2024 07:37 AM
You're welcome.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide