PXgrid Issue between ISE & SWA

goudier2001
Level 1

I've followed the steps enabling PXgrid on ISE & SWA to share tagging but when testing the connectivity between SWA and ISE the following output is provided from SWA.

Does anyone know the issue or how to troubleshoot the problem?

Validating WSA client certificate ...
Success: Certificate validation successful

Validating ISE pxGrid Node certificate(s) ...
Success: Certificate validation successful
Success: Certificate validation successful

Checking connection to ISE pxGrid Node(s) ...
Trying primary PxGrid server...
Preparing TLS connection...

Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.

Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.

Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.

Failure: Connection to ISE pxGrid Node failed.
Trying secondary PxGrid server...
Preparing TLS connection...

Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.

Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.

Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.

Failure: Connection to ISE pxGrid Node failed.

Test interrupted: Fatal error occurred, see details above.

2 Replies

goudier2001
Level 1

FYI 

ISE version is 3.2 P7

SWA version is 15.2.2

amojarra
Cisco Employee

Hello @goudier2001

Thank you for the information.

[1] Could you please confirm you have "Automatically Approve of PxGrid certificate" enabled?

ISE GUI >> Administration >> PxGrid Services >> Settings

[2] Kindly check if all the necessary Certificates from ISE are imported and trusted in WSA

ISE GUI >> Administration >> System >> Certificates >> Certificate Authority >> Certificate Authority Certificates >> Export

[2-1] We need to import the Root CA first, submit & Commit, then Node CA, submit & Commit, and Endpoint CA, submit & Commit.

[3] When you create the PXGrid certificate in WSA, submit & Commit, then while importing to ISE please make sure "Trust for client Authentication and Syslog" is checked

ISE GUI >> Administration >> System >> Certificates >> Certificate Management >> Trusted Certificates

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++
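
The `error:14094416` value in the test output quoted in the question can be decoded to see which side of the handshake raised the failure. The script below is an added example, not part of the original posts or of any Cisco tooling; it assumes the OpenSSL 1.0/1.1 packed error-code layout, and its function names are illustrative.

```python
import re

# OpenSSL 1.0.x/1.1.x pack an error as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are TLS alerts received from the peer

# TLS alert descriptions related to certificate handling (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
    49: "access_denied",
}

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.x error code into library, function and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert,
            "alert_name": CERT_ALERTS.get(alert)}

def summarize(test_output):
    """Map each pxGrid server tried ('primary', 'secondary') to the peer alerts seen."""
    result, server = {}, None
    for line in test_output.splitlines():
        m = re.search(r"Trying (\w+) PxGrid server", line)
        if m:
            server = m.group(1)
            result[server] = []
            continue
        m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
        if m and server:
            result[server].append(decode_openssl_error(m.group(1))["alert_name"])
    return result

# Excerpt of the test output quoted in the question (repeated lines trimmed).
SAMPLE = """\
Trying primary PxGrid server...
Preparing TLS connection...
Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.
Failure: Connection to ISE pxGrid Node failed.
Trying secondary PxGrid server...
Certificate validation error SSL Exception: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown.
"""

if __name__ == "__main__":
    print(decode_openssl_error("14094416"))
    print(summarize(SAMPLE))
```

A reason above 1000 raised in `ssl3_read_bytes` means the alert was received from the peer, so the ISE pxGrid node sent `certificate_unknown` (alert 46) about the certificate the SWA presented, even though the SWA's local validation steps reported success.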
