I have a case below:
I have an ISE node. EAP certificate is expired so I renewal it and received the certificate from Zone which is using normal for other sites ( Europe, India, America..) But in Vietnam, we met the issue as the picture below. We change the EAP certificate from Comodo to Sectigo. Import successfully to ISE, a client can connect now, but it does not automatically connect anymore, every time we move to another AP we need to click connect twice.
Could you please help or support?
"show certificate details" may guide you to the root cause
- the host-name does not match the name in the certificate
this would be immediately shown
- when using multiple ISE servers , you may need to configure SAN names in the certificate
certificate details -> alternate names
- you may have imported a certificate with incorrect certification-chaining
certificate details -> certification path
Some additional basic checks ...
verify Sectigo root cert chain in present on client.
On ISE end I am sure you check Sectigo root cert to be used for client authentication.