Cisco Support Community

CISCO ISE Export local certificate Import ERROR

 

 

Hi guys

 

I have set up a two-node deployment and I have exported the local certificate and private key from the primary node and have tried to import it on the secondary node, but I get the following error popping up: "Key pair import failed: mismatched private key". I have made sure the key password is correct but still no luck.

 

The current set-up is:

- secondary node has been connected to the primary node

- AD integration has occurred 

- the root cert has been imported in the certificate store for the certificate that is trying to be loaded.

Cisco ISE platform: 3415 server

Cisco ISE version: 1.2 latest build 

Thanks

 

John

 

 

2 REPLIES

Refer to this discussion:

https://supportforums.cisco.com/discussion/11722981/ise-certificate-and-mismatched-private-key

New Member

Hi Salodh

Thanks for the reference. I took the link into consideration and then I tried a different workaround, and I believe I have an answer to what is happening.

 

When the certificate is exported by ISE, it also includes the signing CA certificate (either root and/or int). The output of the PEM files puts the certificate in the wrong order, and when it tries to match the private key, it matches it to the CA or intermediate certificate and not the host certificate.

 

In my case, when I exported the certificate from ISE node 1, it produced a PEM file with two certificates. I just swapped the order of the certificates in the PEM file and it worked straight away.
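The reordering described in the reply above, as an added example that is not part of the original thread: it finds the certificate in an exported PEM bundle whose public key matches the private key and writes that certificate first, followed by the CA certificates. It assumes the `openssl` command-line tool is available; the function names and file names are hypothetical.

```bash
# Added example (not from the thread): reorder a PEM bundle so the certificate
# matching the private key comes first. File names in the usage are hypothetical.

# SHA-256 fingerprint of a PEM public key read from stdin.
pub_fp() {
  openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# leaf_first BUNDLE.pem KEY.pem [PASS_SOURCE]
# PASS_SOURCE is an openssl pass phrase argument such as file:/path or env:VAR.
# Prints the reordered bundle on stdout; returns 1 if no certificate matches.
leaf_first() {
  local bundle="$1" key="$2" tmp key_pub key_fp f match=""
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate, keeping the original order.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/c%03d.pem", d, n++); on = 1 }
    on { print > f }
    /-----END CERTIFICATE-----/ { on = 0 }' "$bundle"
  # Derive the public key from the private key; stop if the key cannot be read.
  key_pub=$(openssl pkey -in "$key" -passin "${3:-pass:}" -pubout 2>/dev/null) || {
    rm -rf "$tmp"; echo "cannot read private key" >&2; return 2; }
  key_fp=$(printf '%s\n' "$key_pub" | pub_fp)
  # The host certificate is the first one carrying the same public key.
  for f in "$tmp"/c*.pem; do
    [ -e "$f" ] || continue
    if [ -z "$match" ] &&
       [ "$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null | pub_fp)" = "$key_fp" ]; then
      match="$f"
    fi
  done
  if [ -z "$match" ]; then
    rm -rf "$tmp"; echo "no certificate in the bundle matches the key" >&2; return 1
  fi
  cat "$match"                                   # host certificate first
  for f in "$tmp"/c*.pem; do
    [ "$f" = "$match" ] || cat "$f"              # then the CA certificates
  done
  rm -rf "$tmp"
}
```

Example call: `leaf_first exported.pem exported.pvk file:/path/to/passphrase > fixed.pem`. A return status of 1 means none of the certificates in the bundle belongs to that key, so reordering would not help.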

 

 
