10-12-2017 10:14 AM - edited 02-21-2020 10:35 AM
Hi
Hoping someone can help.
MacBook Air running macOS Sierra 10.12.6.
I have a very frustrating issue with ISE 2.2 (patch 3).
When I run the downloaded Cisco Supplicant Provisioning Wizard (SPW) (MacOsXSP version 2.1.0.42) file it fails with "An SSL error has occured and a secure connection to the server cannot be made." and then quickly changes to "Unable to download Profile".
This is happening on 2 seperate ISE deployment, one standalone and one distributed. Other devices on-board ok. Certs on the distributed system are VeriSign signed.
Having the same problem on 2 different MacBooks
Any ideas before I raise a TAC?
11-02-2017 04:49 PM
has anyone found a resolution for this issue?
11-03-2017 07:24 AM - edited 11-03-2017 08:43 AM
I would go look if there's a new SPW package for MacOS available in ISE. There could be differences in your MacOS version that requires a newer SPW version.
11-08-2017 06:01 AM
Tried the latest SPW - MacOsXSPWizard 2.3.0.43 - and this also fails with the same.
11-08-2017 06:18 AM - edited 11-08-2017 06:19 AM
New with Mac high sierra is ATS (App Transport Security) which requires the App to support best practice HTTPS security which could be modified (but not recommended) in the Info.plist file on the mac. I tried the latest SPW also with the same results you had.
11-08-2017 09:29 AM
SOLVED: When the SPW connects to the ISE it does this over port 8905 and uses the PSN Admin certificate (there can only be one Admin tagged cert) to validate the SSL connection. I both my cases the Admin tagged certificate was self-signed which the MacBook does not like. The Admin tagged cert has to be signed by a (public preferably) Certificate Authority (CA).
Either change the Admin tag to another signed cert (just a tick-box on the cert exercise then the ISE reboots) or have your Admin tagged cert signed by a CA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide