06-01-2014 09:19 PM - edited 03-10-2019 09:45 PM
Hi guys
I have set up a two-node deployment and I have exported the local certificate and private key from the primary node and have tried to import it on the secondary node, but I get the following error popping up: "Key pair import failed: mismatched private key". I have made sure the key password is correct but still no luck.
The current set-up is:
- secondary node has been connected to the primary node
- AD integration has occurred
- the root cert has been imported in the certificate store for the certificate that is trying to be loaded.
Cisco ISE platform: 3415 server
Cisco ISE version: 1.2 latest build
Thanks
John
06-03-2014 12:25 AM
Refer to this discussion:
https://supportforums.cisco.com/discussion/11722981/ise-certificate-and-mismatched-private-key
06-03-2014 08:11 PM
Hi Salodh
Thanks for the reference. I took the link into consideration and then I tried a different workaround, and I believe I have an answer to what is happening.
When the certificate is exported by ISE, it also includes the signing CA certificate (either root and/or int). The output of the PEM files puts the certificate in the wrong order, and when it tries to match the private key it matches it to the CA or intermediate certificate and not the host certificate.
In my case, when I exported the certificate from ISE node 1, it produced a PEM file with two certificates. I just swapped the order of the certificates in the PEM file and it worked straight away.
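
The reordering described in the post above can be checked and done with the OpenSSL command line rather than by hand. This is an added example, not part of the original thread and not Cisco tooling: the function name `reorder_bundle` and the file names are hypothetical, and it assumes `openssl` and `awk` are installed.

```shell
#!/bin/sh
# Added example: put the certificate that matches the private key first in a PEM bundle.
# reorder_bundle KEY BUNDLE OUT [PASSIN]   (PASSIN is an openssl pass phrase source, e.g. file:/path)
reorder_bundle() {
    key=$1 bundle=$2 out=$3
    tmp=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate, keeping the original order.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert%03d.pem", d, n); on = 1 }
        on { print > f }
        /-----END CERTIFICATE-----/   { on = 0 }
    ' "$bundle"

    # Public key derived from the private key (SubjectPublicKeyInfo, PEM).
    keypub=$(openssl pkey -in "$key" -pubout ${4:+-passin "$4"}) || { rm -rf "$tmp"; return 2; }

    # Find the certificate carrying that same public key.
    match= pos=0
    for c in "$tmp"/cert*.pem; do
        [ -f "$c" ] || continue
        pos=$((pos + 1))
        if [ "$(openssl x509 -in "$c" -noout -pubkey)" = "$keypub" ]; then
            match=$c
            break
        fi
    done
    if [ -z "$match" ]; then
        echo "no certificate in $bundle matches $key" >&2
        rm -rf "$tmp"
        return 1
    fi
    echo "matching certificate was at position $pos: $(openssl x509 -in "$match" -noout -subject)"

    # Write the matching (host) certificate first, then the CA certificates.
    cat "$match" > "$out"
    for c in "$tmp"/cert*.pem; do
        [ "$c" = "$match" ] || cat "$c" >> "$out"
    done
    rm -rf "$tmp"
}

# Run as a script: sh reorder.sh host.key exported.pem fixed.pem [PASSIN]
if [ $# -ge 3 ]; then reorder_bundle "$@"; fi
```

For a password-protected exported key, pass the pass phrase source as the fourth argument in OpenSSL's own syntax; `file:` or `env:` keeps it out of the process list, unlike `pass:`.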