Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
838
Views
5
Helpful
2
Replies

ISE trusted certificates - 1.1.1 bug??

Gustavo Novais
Level 1
Level 1

ā€Ž08-23-2012 04:40 AM - edited ā€Ž03-10-2019 07:27 PM

Hello,

I'm authenticating a few Cisco Phones towards ISE via EAP-TLS, and all was working on version  version 1.1.

Now that we've upgraded to 1.1.1, I've reimported Cisco's Manufacturing CA and Root CA certificates into ISE, and marked them for trust for EAP-TLS authentications, but when phones authenticate I keep getting the message that they've presented an unknown CA certificate in their certificate request, and obviously we are failing EAP-TLS, but I'm pretty sure the certificates are well imported into ISE, so they should pass the validation.

Is anybody aware of a bug of some sort with this?

I read a post where somebody stated that now ISE would only support one certificate for EAP-TLS auth...

If somebody can provide further details...

Thanks

Gustavo Novais

Labels:
0 Helpful
2 Replies 2

Naveen Kumar
Level 4
Level 4

ā€Ž05-01-2013 06:28 PM

Hello,

The bug has been resolved in the new update of ISE 1.1.2 and the higher versions.

Ref. Link:   http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html

Jatin Katyal
Cisco Employee
Cisco Employee

ā€Ž05-02-2013 03:34 AM

The defect that I come across even I had all the certs installed correctly.

CSCud00831    eap-tls authentications start failing after a while x509 decrypt error

Symptom:

EAP-TLS authentications fail with "X509 decrypt error"

Conditions:

Visiting backup/restore page or performing an automatic scheduled backup

without visiting the backup/restore page

Workaround:

Do not visit backup page. Disable scheduled backup. Separate Policy

Services. Node on deployment from Administrative or Monitoring Node.

The fix will be available in ISE 1.1.3

Jatin Katyal


- Do rate helpful posts -

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents