cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11307
Views
0
Helpful
2
Replies

Bulk session download using pxGrid on ISE2.0 fails

pmahesh
Cisco Employee
Cisco Employee

Using self signed certificates to connect to pxGrid on ISE 2.0. Using the generated certs, able to connect and subscribe to the SessionDirectory capability to receive the notifications successfully. We also need to do a bulk download of the sessions for handling cases of any disconnection or for the first time before we start listening to new Sessions.


For the bulk download am seeing the following exception.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)



Able to do a bulk download from a single node ISE 2.0 with all the personas in the same node. The bulk session download is failing only in the ISE set up where we have pxGrid and Monitoring personas are running on different nodes. If you have the steps to generate the truststore and keystore jks files that the pxGrid client can use in a distributed ISE node deployment where mnt and pxGrid are running on different nodes please share.

Thanks

2 Replies 2

kkumarjh
Cisco Employee
Cisco Employee

bulk download needs mnt cert in 2.0 as one of the parameter. check if that matches.

Hey Mahesh,

You can refer to the How-To Guide, Deploying pxGrid in ISE productional environments: How to Configure pxGrid in ISE Production Environments

Thanks,

John