cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

727
Views
4
Helpful
7
Replies
Highlighted
Beginner

ACS 5.5 and Certificate Validation Error: Certificate binding failed. No matching signing request found.

Dear Community,

I generate Sign Request, than sign it on CA.

Then try to upload it back but error arrise: Certificate Validation Error: 'Certificate binding failed. No matching signing request found.'

I used ACS 5.5.0.47 Patch 7.

Did anyone went through this error?

I tried use another CA, but the result is the same.

I already checked validity of CA cert.

Thank you.

Kind regards, 

Filip

Everyone's tags (1)
7 REPLIES 7
Cisco Employee

Hi Filip,

Hi Filip,

When you say you have checked the validity of cert, how did you check it?

You can check here if CSR and certificate are a match:

https://www.sslshopper.com/certificate-key-matcher.html

If yes, what is the format of the certificate that you are  trying to upload? Supported formats are cer, der and pem.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Beginner

I checked certificate of CA

I checked certificate of CA if is still valid on ACS.

Thank you for link, for test purpose looks well.

I use .cer format.

Cisco Employee

Hi Filip,

Hi Filip,

You are welcome!

So when you check certificate (identity) as well as the CSR in the link provided, does it match fine?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Beginner

snimka_obrazovky_2016-11-23_o

Here is positive results.

Cisco Employee

Hi Filip,

Hi Filip,

So you go to "outstanding signing requests" and you see the same CSR, and then when you go here "System Administration >     Configuration >     Local Server Certificates >     Local Certificates  >     Create" ,  you select " Bind CA certificate", browse and you get the error, corrrect?

Is it possible to share the certificate?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Beginner

Yes correct I used Bind CA

Yes correct I used Bind CA certificate.

I opened TAC case recently. By me it is than internal issue of ACS.

Beginner

Here is the soluton: There

Here is the soluton: There should be only one CSR in the list! Then it worked and ACS bind CA ussued certificate to CSR.

There is no information in documentation or release notes that I have to have only one CSR in the list under System Administration > Configuration > Local Server Certificates > Outstanding Signing Requests at the time when I try to bind CA signed certificate.

  1. Delete the all old CSR.
  2. Please try generating another CSR. Ensure you see the CSR in Outstanding Signing Requests. Generate the certificate for this and try binding the new certificate again.