
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2018 04:45 AM - edited 02-21-2020 07:20 AM
Hi.
I want to integrate FTD 6.2.2 with ISE 2.2 using PxGrid. To do the certification part, I have configured a Win 2008 R2 as my internal CA with just these roles installed.
This windows machine is member of my internal lab domain. While I enter "http://ipaddress/certsrv"on a client machine (which isn't a member of that domain) and follow "Request a Certificate" and then click on "Advanced Certificate Request", the following page appears, but as you can see there is no option to select Certificate Template.
Documents say that I need to request a certificate which uses "Web Server" certificate template. What did I miss?
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2018 04:17 AM
Hi. I completely removed all of the roles installed on CA server and disconnect it from the domain. Then reinstall the roles from the scratch & rejoin to domain. Now the option is shown there. I don't know what was the problem with Windows, but I'm tired of these stupid unknown Windows issues. Thanks for your replies.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2018 05:12 AM
Hi, It's strange that you don't have the dropdown box for the certificates, are you logged in as an administrator with full rights to request cert? Also the "Web Server" certificate you mentioned is not good enough, you'd have to create a new template an ensure the EKU of Server and Client authentication.
Alternatively you could use the internal ISE CA to sign the pxGrid certificates https://communities.cisco.com/docs/DOC-71928

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2018 10:37 PM
The PC that I use to request the certificate is not a member of the domain but CA server is. I don't understand in which part I need to provide admin privilege. I even entered http://localhost/Certsrv on the CA server too but there was no option for Template again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2018 05:22 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2018 09:46 PM
I have it setup in my lab with a Windows Server 2016 AD DC providing certificate services. I have ISE, FMC, FTD, ESA, WSA, vWLC etc. all running with certificates issued by my DC.
It's odd to not see the option to select the certificate template on your certsrv page. You should have the option to select a Web server certificate.
Below are some screenshots from my setup.
Template management on the CA (Windows Server 2016)
Template dropdown from the CA's web UI
Appliances with CA-issued certificates
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2018 04:17 AM
Hi. I completely removed all of the roles installed on CA server and disconnect it from the domain. Then reinstall the roles from the scratch & rejoin to domain. Now the option is shown there. I don't know what was the problem with Windows, but I'm tired of these stupid unknown Windows issues. Thanks for your replies.
