cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1674
Views
0
Helpful
4
Replies

Cisco ISE disconnected node

assers001
Level 1
Level 1

ISE Nodes in deployment dissconnected after change self signed certificate to CA wildcard certificate .

when i tried to register ise i got below error, can some one help me to solve it please.

Unable to authenticate ISE (xxxise) Please check certificate configuration.
Make sure from 'Primary Admin node', system certificate chain of registering node is present in 'Trusted certificates' and is enabled with 'Trust for authentication within ISE' option selected

1 Deregister and register incomplete due to above error .
2 Sync icon do not working .
3 CA wildcard certificate present in system certificates on all nodes , and in Trusted in primary node .
4 As i understand need to have the Root CA certificate in Trusted certificates. can someone correct me if i am wrong?

 

BR

1 Accepted Solution

Accepted Solutions

balaji.bandi
Hall of Fame
Hall of Fame

what is the version of ISE -  is this a Local CA or signed by the Public CA Server?

is the Certs used before from the same CA, or is the Local CA changed and generated a wildcard?

if the local CA changed you need to add root CA to ISE to trust.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

what is the version of ISE -  is this a Local CA or signed by the Public CA Server?

is the Certs used before from the same CA, or is the Local CA changed and generated a wildcard?

if the local CA changed you need to add root CA to ISE to trust.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

HI 

what is the version of ISE  Version: 2.6.0.156 Patch Information: 7

-  is this a Local CA or signed by the Public CA Server?  Public CA Signed by third party .

is the Certs used before from the same CA, Not used by ise before .

or is the Local CA changed and generated a wildcard? We generate wildcard CSR and sent to CA 

if the local CA changed you need to add root CA to ISE to trust. 

 

BR

i would compare the primary node with other nodes below cisco certificate, also make sure the domain is not changed from previous to now.

balajibandi_0-1672568639220.png

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi

The temp solution to restore deployment , i deregister sec the secondary node and make it standalone then generate Self Signed  admin cert and re register the node to deployment .