cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7177
Views
25
Helpful
4
Replies

ISE import CA signed certificate - path validation failed

jheuke007
Level 1
Level 1

Hi,

 

when importing/ binding CA signed certificate (multi-use) to ISE I receive the error "certificate path validation failed. Make sure required certificate chain is imported under trusted certificates".

As we don't have a cert chain  - I've only importet the Root CA cert. into the trusted certificates store.

 

Currently I'm on ISE 2.4.0.357

 

Am I missing something important here?

 

Thanks a lot!

4 Replies 4

pieterh
VIP
VIP

did you follow this document (or other ISE version)?

are you sure no intermediate CA is involved ?  if so you may need to import this also in the trusted store

dbogdan
Level 1
Level 1

Not sure anyone is reading this one anymore because it's old.  I had the same issue and found that the Root certificate for the CA was missing.  We use GlobalSign and it wasn't there. Once I imported their root cert, and their intermediate cert I was able to bind.  I hope that helps anyone looking for an answer here.  

eddcabal
Cisco Employee
Cisco Employee

Adding to this error, ran into same issue with internal MSFT PKI (Root + Sub). Had to import both CA certs which doesn't make sense but my guess is it because the ISE server doesn't know or trust either CA's during and after import

I have always imported the full chain even if there are multiple intermediate CA’s.
-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: