Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1357
Views
4
Helpful
6
Replies

Binding Certificate/Private Key validtion failed

Go to solution
Ruelb2214
Level 1
Level 1

‎06-15-2023 01:01 AM

Hello All,

Has anyone encounter issue when they bind certificate, error will pop-up certificate/private key validation failed.

We have generated CSR in Cisco ISE for Portal usage, then we submitted to public CA to signed, they send us .crt file including the intermediate certificate, I uploaded the intermediate .crt to Trusted Certificate. Then I bind the signed cert in, after click submit its shows error certificate/private key validation failed.

Can someone guide me, is it correct to use the .crt file in binding or must use the .pem file? because the public CA onlne send us .crt file.

2 people had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
ammahend
VIP
VIP

‎06-16-2023 12:23 AM

basic check but I am assuming you also have the root certificate in trusted certificate store and not just intermediate.

seems when you are binding the signed certificate ISE is not able to decrypt the signed public certificate with the private key generated in system when you generate CSR. I am not sure you can export private key out of ISE to test this out,  might be easier to just generate a new CSR, enure complete chain in imported in trusted store and then bind again, don't think you will have to pay again, you should be able to revoke and sign a new CSR with your CA.

-hope this helps-

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Ruelb2214
Level 1
Level 1

‎06-15-2023 11:00 PM

well I got .pem file but still shows error certificate/private key validation failed. Anyone has idea what is wrong on my config?

Go to solution
M02@rt37
VIP
VIP
In response to Ruelb2214

‎06-15-2023 11:59 PM

Hello @Ruelb2214,

Use external tools, such as OpenSSL, to validate the certificate and private key outside of the Cisco ISE environment. This can help identify any issues with the certificate files themselves:

openssl x509 -in certificate.pem -text -noout
openssl rsa -in privatekey.pem -check

These commands will check the certificate and private key respectively for any errors or issues.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
JuanG Gonzalez Bravo
Level 1
Level 1
In response to Ruelb2214

‎01-17-2024 03:14 PM

hello, you finally succeeded? i have the same problem

0 Helpful

Go to solution
Ruelb2214
Level 1
Level 1
In response to JuanG Gonzalez Bravo

‎01-22-2024 09:26 PM

@ammahend thanks for your feedback.

@JuanG Gonzalez Bravo yeah was able to resolved. I trace back to the CA, and there was problem in CA when it sign the cert.

Go to solution
ammahend
VIP
VIP

‎06-16-2023 12:23 AM

basic check but I am assuming you also have the root certificate in trusted certificate store and not just intermediate.

seems when you are binding the signed certificate ISE is not able to decrypt the signed public certificate with the private key generated in system when you generate CSR. I am not sure you can export private key out of ISE to test this out,  might be easier to just generate a new CSR, enure complete chain in imported in trusted store and then bind again, don't think you will have to pay again, you should be able to revoke and sign a new CSR with your CA.

-hope this helps-
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ammahend

‎06-16-2023 05:50 AM

Do you get cert from ppan span or other node?

Can I see the tree of cert

0 Helpful
Customers Also Viewed These Support Documents