08-22-2019 09:39 PM - edited 07-05-2021 10:53 AM
Dear All
I have a case below:
I have an ISE node. EAP certificate is expired so I renewal it and received the certificate from Zone which is using normal for other sites ( Europe, India, America..) But in Vietnam, we met the issue as the picture below. We change the EAP certificate from Comodo to Sectigo. Import successfully to ISE, a client can connect now, but it does not automatically connect anymore, every time we move to another AP we need to click connect twice.
Could you please help or support?
Thanks
DungTran
08-23-2019 05:54 AM
08-23-2019 07:13 AM
"show certificate details" may guide you to the root cause
possibilities:
- the host-name does not match the name in the certificate
this would be immediately shown
- when using multiple ISE servers , you may need to configure SAN names in the certificate
certificate details -> alternate names
- you may have imported a certificate with incorrect certification-chaining
certificate details -> certification path
08-24-2019 03:46 PM
Some additional basic checks ...
verify Sectigo root cert chain in present on client.
On ISE end I am sure you check Sectigo root cert to be used for client authentication.
08-25-2019 09:36 PM
08-25-2019 10:37 PM
yes If you are using this certificate for client EAP auth.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide