cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
157
Views
0
Helpful
5
Replies
Beginner

Renewal Certificate ISE

Dear All

 

I have a case below:

 

I have an ISE node. EAP certificate is expired so I renewal it and received the certificate from Zone which is using normal for other sites ( Europe, India, America..) But in Vietnam, we met the issue as the picture below. We change the EAP certificate from Comodo to Sectigo. Import successfully to ISE, a client can connect now, but it does not automatically connect anymore, every time we move to another AP we need to click connect twice.

 

One.JPG

 

Could you please help or support?

Thanks

DungTran

5 REPLIES 5
VIP Advocate

Re: Renewal Certificate ISE

Do you have more than one Radius server configured? If yes, do both use the same root certificate / issuer of the certificate?
If not, then this is the normal behavior.
Make sure that the certificate shown to the client is actually the correct one and not a Man in the Middle attack with a rogue access point.
Rising star

Re: Renewal Certificate ISE

"show certificate details" may guide you to the root cause

possibilities:

- the host-name does not match the name in the certificate

  this would be immediately shown 

- when using multiple ISE servers , you may need to configure SAN names in the certificate
  certificate details -> alternate names

- you may have imported a certificate with incorrect certification-chaining

   certificate details -> certification path

Contributor

Re: Renewal Certificate ISE

Some additional basic checks ... 

verify Sectigo root cert chain in present on client.

On ISE end I am sure you check Sectigo root cert to be used for client authentication.

-Rate helpful posts-
Beginner

Re: Renewal Certificate ISE

Dear Ammahend
Root cert already verified by Zone.
So in the ISE end, i need to enable: Trust for client authentication and Syslog ?
Thanks
DungTran
Contributor

Re: Renewal Certificate ISE

yes If you are using this certificate for client EAP auth. 

-Rate helpful posts-
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards