cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

354
Views
15
Helpful
10
Replies
Enthusiast

Cisco Prime and ISE intergration

Hello Experts,

 

Earlier (Before SSL certificate installation) CPI and ISE was working together but now...I am struggling to get integrate CPI and ISE.

 

ISE version: 2.1.0.474

CPI: 3.5.0.0.55.0

 

Error(s): You must correct the following error(s) before proceeding:

Error: The connection to ISE with IP address "xx.xx.xx.xx" has timed out. Please check the network connectivity and the user account status on the ISE.

 

Thanks

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Mentor

Re: Cisco Prime and ISE intergration

Hi,

 

Did you installed the new certificates on both ? if yes then you need to delete the old certificate of ISE from Cisco prime CLI.

 

Regards

Dont forget to rate helpful posts

View solution in original post

VIP Mentor

Re: Cisco Prime and ISE intergration

check under tofu-certs or trusted certs:

 

check the old certs: ncs certvalidation tofu-certs listcerts

Delete using the command: ncs certvalidation tofu-certs deletecert host IP_PORT

 

Regards

Dont forget to rate helpful posts

View solution in original post

10 REPLIES 10
VIP Advisor

Re: Cisco Prime and ISE intergration

Hi

 Considering you actually have connectivity OK,  this probably a Bug. 

 

 

-If I helped you somehow, please, rate it as useful.-

Enthusiast

Re: Cisco Prime and ISE intergration

Even i guess so. I will check if i can raise a TAC case ..

Rising star

Re: Cisco Prime and ISE intergration

at first check if time-sync and time-zone match.

if this is both self signed certificate  then both need to "know" and trust each others certificate

if it is public certificate, then both bust know and trust the root and intermediate certificate in the chain.

 

Enthusiast

Re: Cisco Prime and ISE intergration

Time is correct on both.

 

I installed wildcard CA signed cert on ISE and SSL cert signed by CA on cisoc prime but prime showing error "Mismatched address" as certificate error.

 

I suspect its the issue with TLSV1 handshake.

 

Thanks

VIP Mentor

Re: Cisco Prime and ISE intergration

Hi,

 

Did you installed the new certificates on both ? if yes then you need to delete the old certificate of ISE from Cisco prime CLI.

 

Regards

Dont forget to rate helpful posts

View solution in original post

Enthusiast

Re: Cisco Prime and ISE intergration

Let me try it. Thank for suggestion.

Enthusiast

Re: Cisco Prime and ISE intergration

can you please tell me how can i do it ? I tried but didn't find a way...

 

Thanks

 

 

VIP Mentor

Re: Cisco Prime and ISE intergration

check under tofu-certs or trusted certs:

 

check the old certs: ncs certvalidation tofu-certs listcerts

Delete using the command: ncs certvalidation tofu-certs deletecert host IP_PORT

 

Regards

Dont forget to rate helpful posts

View solution in original post

Highlighted
Enthusiast

Re: Cisco Prime and ISE intergration

Excellent. It worked now after deletion of trusted old certs.

 

Thank a lot. you guys are awesome.

VIP Mentor

Re: Cisco Prime and ISE intergration

Glad it helped. Thanks for rating.

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards