Hi all ,
intergration between FMC and ISE fails when testing .
i see the below errors in the logs after a successful ssl handshake :
Captured Jabberwerx log:2017-10-13T10:37:52 [ INFO]: curl_easy_setopt() for CURLOPT_URL: 'https://ISE-1.cn.aura:8910/pxgrid/mnt/sd/getSessionListByTime'
Captured Jabberwerx log:2017-10-13T10:37:52 [ ERROR]: curl_easy_perform() failed: (6) Couldn't resolve host name at file build/gcl/src/pxgrid_bulkdownload_curl.c line 240
it seems a dns resolving problem but the FMC resolve ISE hostname .
a detailed log file is attached .
thank you for your help .
now i have this problem.currently i'm using self sign certificate on ISE and import to FMC.
Queried 1 bulk download hostnames:ISE.ddpg.com:8910
...successfully connected to ISE server.
Starting bulk download
Captured Jabberwerx log:2017-11-13T07:36:45 [ INFO]: curl_easy_setopt() for CURLOPT_URL: 'https://ISE.ddpg.com:8910/pxgrid/mnt/sd/getSessionListByTime'
Starting SSL Handshake, SSL state:before/connect initialization
Rejecting this certificate presented by foreign server: Certificate with Serial Number '0x5A0860370000000071E91C75D3E246CE', issued by 'CN = ISE.ddpg.com', to 'CN = ISE.ddpg.com'
...because SSL negotiation encountered error: self signed certificate
...while validating this entry in the certificate chain: Certificate with Serial Number '0x5A0860370000000071E91C75D3E246CE', issued by 'CN = ISE.ddpg.com', to 'CN = ISE.ddpg.com'
Sending SSL alert:unknown CA
Sending SSL alert:close notify
Captured Jabberwerx log:2017-11-13T07:36:45 [ ERROR]: curl_easy_perform() failed: (60) Peer certificate cannot be authenticated with given CA certificates at file build/gcl/src/pxgrid_bulkdownload_curl.c line 240
bulk download iter next failed REST errorPeer certificate cannot be authenticated with given CA certificates
Failed to validate bulk download.
It seems like a certification authentication problem, did you checked ISE/FMC docs about the integration using self signed certs?
it is recommended to use CA certs, you can generate one using the csr file retrieved from your ISE.
certs must be for both server and client authentication (in the enhanced key usage) .
Don't forget to upload the root certificate too .