Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2111
Views
20
Helpful
10
Replies

Cisco Prime and ISE intergration

Go to solution
ittechk4u1
Level 4
Level 4

‎09-25-2019 02:47 AM - edited ‎07-05-2021 11:03 AM

Hello Experts,

 

Earlier (Before SSL certificate installation) CPI and ISE was working together but now...I am struggling to get integrate CPI and ISE.

 

ISE version: 2.1.0.474

CPI: 3.5.0.0.55.0

 

Error(s): You must correct the following error(s) before proceeding:

Error: The connection to ISE with IP address "xx.xx.xx.xx" has timed out. Please check the network connectivity and the user account status on the ISE.

 

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-27-2019 04:21 AM

Hi,

 

Did you installed the new certificates on both ? if yes then you need to delete the old certificate of ISE from Cisco prime CLI.

 

Regards

Dont forget to rate helpful posts

View solution in original post

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u1

‎09-29-2019 11:56 PM

check under tofu-certs or trusted certs:

 

check the old certs: ncs certvalidation tofu-certs listcerts

Delete using the command: ncs certvalidation tofu-certs deletecert host IP_PORT

 

Regards

Dont forget to rate helpful posts

View solution in original post

10 Replies 10

Go to solution
Flavio Miranda
VIP
VIP

‎09-25-2019 05:51 AM

Hi

 Considering you actually have connectivity OK,  this probably a Bug. 

 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

Go to solution
ittechk4u1
Level 4
Level 4
In response to Flavio Miranda

‎09-25-2019 09:33 PM

Even i guess so. I will check if i can raise a TAC case ..

0 Helpful

Go to solution
pieterh
VIP
VIP

‎09-25-2019 05:55 AM

at first check if time-sync and time-zone match.

if this is both self signed certificate  then both need to "know" and trust each others certificate

if it is public certificate, then both bust know and trust the root and intermediate certificate in the chain.

 

Go to solution
ittechk4u1
Level 4
Level 4
In response to pieterh

‎09-25-2019 09:35 PM

Time is correct on both.

 

I installed wildcard CA signed cert on ISE and SSL cert signed by CA on cisoc prime but prime showing error "Mismatched address" as certificate error.

 

I suspect its the issue with TLSV1 handshake.

 

Thanks

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-27-2019 04:21 AM

Hi,

 

Did you installed the new certificates on both ? if yes then you need to delete the old certificate of ISE from Cisco prime CLI.

 

Regards

Dont forget to rate helpful posts

Go to solution
ittechk4u1
Level 4
Level 4
In response to Sandeep Choudhary

‎09-29-2019 10:39 PM

Let me try it. Thank for suggestion.

0 Helpful

Go to solution
ittechk4u1
Level 4
Level 4
In response to ittechk4u1

‎09-29-2019 11:50 PM

can you please tell me how can i do it ? I tried but didn't find a way...

 

Thanks

 

 

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u1

‎09-29-2019 11:56 PM

check under tofu-certs or trusted certs:

 

check the old certs: ncs certvalidation tofu-certs listcerts

Delete using the command: ncs certvalidation tofu-certs deletecert host IP_PORT

 

Regards

Dont forget to rate helpful posts

Go to solution
ittechk4u1
Level 4
Level 4
In response to Sandeep Choudhary

‎09-30-2019 12:09 AM

Excellent. It worked now after deletion of trusted old certs.

 

Thank a lot. you guys are awesome.

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u1

‎09-30-2019 12:17 AM

Glad it helped. Thanks for rating.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card