12-31-2022 09:31 AM
ISE nodes in deployment disconnected after changing the self-signed certificate to a CA wildcard certificate.
When I tried to register ISE I got the error below. Can someone help me solve it, please?
Unable to authenticate ISE (xxxise) Please check certificate configuration.
Make sure from 'Primary Admin node', system certificate chain of registering node is present in 'Trusted certificates' and is enabled with 'Trust for authentication within ISE' option selected
1. Deregister and register are incomplete due to the above error.
2. The Sync icon is not working.
3. The CA wildcard certificate is present in system certificates on all nodes, and in Trusted on the primary node.
4. As I understand it, I need to have the Root CA certificate in Trusted certificates. Can someone correct me if I am wrong?
BR
12-31-2022 09:47 AM - edited 12-31-2022 09:47 AM
What is the version of ISE? Is this a local CA, or is it signed by a public CA server?
Were the certs used before from the same CA, or was the local CA changed and a wildcard generated?
If the local CA changed, you need to add the root CA to ISE to trust.
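The error text quoted in the question asks for the registering node's full certificate chain in the Primary Admin node's trusted store. As an added example (not from the thread and not Cisco tooling), this script builds a constructed lab PKI with `openssl` and checks a wildcard certificate against three trust stores; every name and file here is an assumption made for illustration.

```shell
#!/usr/bin/env bash
# Constructed lab PKI (all names made up): root CA -> issuing CA -> wildcard leaf.
set -eu
WORK="$(mktemp -d)"

new_key_csr() {   # $1 = file prefix, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "/CN=$2" 2>/dev/null
}

sign_with() {     # $1 = cert to issue, $2 = issuing CA prefix, $3 = extension section
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 2 -extfile "$WORK/ext.cnf" -extensions "$3" \
    -out "$WORK/$1.pem" 2>/dev/null
}

build_lab_pki() {
  cat > "$WORK/ext.cnf" <<'EOF'
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.example.test
EOF
  new_key_csr root "Lab Root CA"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 2 \
    -extfile "$WORK/ext.cnf" -extensions ca -out "$WORK/root.pem" 2>/dev/null
  new_key_csr issuing "Lab Issuing CA"
  sign_with issuing root ca
  new_key_csr leaf "*.example.test"
  sign_with leaf issuing leaf
  cat "$WORK/root.pem" "$WORK/issuing.pem" > "$WORK/full-chain.pem"
}

# chain_ok TRUST_STORE: exit 0 only if the wildcard leaf builds a complete
# path to a self-signed root using nothing but the certificates in TRUST_STORE.
chain_ok() {
  openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

build_lab_pki
for store in root issuing full-chain; do
  if chain_ok "$WORK/$store.pem"; then echo "$store: chain verifies"
  else echo "$store: chain incomplete"; fi
done
```

Running the same `openssl verify` against the certificates exported from a node's trusted store shows which link of the wildcard certificate's chain is missing.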
12-31-2022 11:38 PM
Hi
What is the version of ISE? Version: 2.6.0.156, Patch Information: 7
- Is this a local CA or signed by a public CA server? Public CA, signed by a third party.
Were the certs used before from the same CA? Not used by ISE before.
Or was the local CA changed and a wildcard generated? We generated a wildcard CSR and sent it to the CA.
If the local CA changed, you need to add the root CA to ISE to trust.
BR
01-01-2023 02:26 AM
I would compare the primary node with other nodes below Cisco certificate; also make sure the domain is not changed from previous to now.
01-02-2023 01:51 AM
Hi
The temp solution to restore the deployment: I deregistered the secondary node and made it standalone, then generated a self-signed admin cert and re-registered the node to the deployment.