02-12-2018 04:45 AM - edited 02-21-2020 07:20 AM
Hi.
I want to integrate FTD 6.2.2 with ISE 2.2 using PxGrid. To do the certification part, I have configured a Win 2008 R2 as my internal CA with just these roles installed.
This windows machine is member of my internal lab domain. While I enter "http://ipaddress/certsrv"on a client machine (which isn't a member of that domain) and follow "Request a Certificate" and then click on "Advanced Certificate Request", the following page appears, but as you can see there is no option to select Certificate Template.
Documents say that I need to request a certificate which uses "Web Server" certificate template. What did I miss?
Solved! Go to Solution.
02-25-2018 04:17 AM
Hi. I completely removed all of the roles installed on CA server and disconnect it from the domain. Then reinstall the roles from the scratch & rejoin to domain. Now the option is shown there. I don't know what was the problem with Windows, but I'm tired of these stupid unknown Windows issues. Thanks for your replies.
02-12-2018 05:12 AM
Hi, It's strange that you don't have the dropdown box for the certificates, are you logged in as an administrator with full rights to request cert? Also the "Web Server" certificate you mentioned is not good enough, you'd have to create a new template an ensure the EKU of Server and Client authentication.
Alternatively you could use the internal ISE CA to sign the pxGrid certificates https://communities.cisco.com/docs/DOC-71928
02-12-2018 10:37 PM
The PC that I use to request the certificate is not a member of the domain but CA server is. I don't understand in which part I need to provide admin privilege. I even entered http://localhost/Certsrv on the CA server too but there was no option for Template again.
02-24-2018 05:22 PM
02-24-2018 09:46 PM
I have it setup in my lab with a Windows Server 2016 AD DC providing certificate services. I have ISE, FMC, FTD, ESA, WSA, vWLC etc. all running with certificates issued by my DC.
It's odd to not see the option to select the certificate template on your certsrv page. You should have the option to select a Web server certificate.
Below are some screenshots from my setup.
02-25-2018 04:17 AM
Hi. I completely removed all of the roles installed on CA server and disconnect it from the domain. Then reinstall the roles from the scratch & rejoin to domain. Now the option is shown there. I don't know what was the problem with Windows, but I'm tired of these stupid unknown Windows issues. Thanks for your replies.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide