Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
While authenticating phones signed by a CA-Signed CAPF, ISE fails to authenticate the phones with the error being, "client certificate is missing the complete chain".On extracting the client certificate form the ISE pcaps, we observed the whole chain...
-- The C4510 switch was upgraded from 3.9.1 to 3.9.2-- The ip phones were failing authentication and ISE did not show any authentication attempt-- Checked the Auth Manager and found no active sessions#sh auth sess int g1/20No sessions match supplied ...
Hi Louey,
You can perform Machine+User authentication using EAP-Chaining on the Windows Native Supplicant. This can be achieved using the TEAP protocol.
Sharing the doc for reference : https://www.cisco.com/c/en/us/support/docs/security/identity-serv...
Hi Jetpack,
You could reach out to Cisco TAC to clear the expired certificate from the ISE DB if not present in the ISE GUI.Disabling the ISE certificate expiry alarm will not be the best way forward as usable certificates may also fall in this cat...
