CISCO ISE Export local certificate Import ERROR

johnattard
Level 1

 

 

Hi guys

 

I have set up a two-node deployment and I have exported the local certificate and private key from the primary node and have tried to import it on the secondary node, but I get the following error popping up: "Key pair import failed: mismatched private key". I have made sure the key password is correct but still no luck.

 

The current set-up is:

- secondary node has been connected to the primary node

- AD integration has occurred 

- the root cert has been imported in the certificate store for the certificate that is trying to be loaded.

Cisco ISE platform: 3415 server

Cisco ISE version: 1.2 latest build 

Thanks

 

John

 

 

2 Replies

Saurav Lodh
Level 7

Refer to this discussion:

https://supportforums.cisco.com/discussion/11722981/ise-certificate-and-mismatched-private-key

Hi Salodh

Thanks for the reference. I took the link into consideration and then I tried a different workaround, and I believe I have an answer to what is happening.

 

When the certificate is exported by ISE, it also includes the signing CA certificate (either root and/or int). The output of the PEM files puts the certificate in the wrong order, and when it tries to match the private key it matches it to the CA or intermediate certificate and not the host certificate.

 

In my case, when I exported the certificate from ISE node 1, it produced a PEM file with two certificates. I just swapped the order of the certificates in the PEM file and it worked straight away.
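
Added example, not part of the thread and not Cisco tooling: a Python sketch that reorders an exported PEM bundle so the host certificate comes first, which is the fix the last reply describes. It assumes the host certificate is the one whose subject is not the issuer of any other certificate in the file (it does not read the private key); `host_cert_first`, `fake_pem` and the sample names are hypothetical, and the sample certificates are constructed skeletal DER rather than real ISE exports.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(cert):
    """Return the raw DER issuer and subject Names of one certificate."""
    pos = _tlv(cert, _tlv(cert, 0)[1])[1]   # enter Certificate, then tbsCertificate
    tag, _, end = _tlv(cert, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version
    fields = []
    for _field in range(5):                 # serial, sigAlg, issuer, validity, subject
        end = _tlv(cert, pos)[2]
        fields.append(cert[pos:end])
        pos = end
    return fields[2], fields[4]

def host_cert_first(pem_text):
    """Reorder a PEM bundle so the one certificate that issued no other comes first."""
    certs = list(PEM_RE.finditer(pem_text))
    names = [issuer_subject(base64.b64decode(m.group(1))) for m in certs]
    leaves = [i for i, (_, subj) in enumerate(names)
              if all(iss != subj for j, (iss, _) in enumerate(names) if j != i)]
    if len(leaves) != 1:
        raise ValueError("expected one host certificate, found %d" % len(leaves))
    order = leaves + [i for i in range(len(certs)) if i != leaves[0]]
    return "\n".join(certs[i].group(0) for i in order) + "\n"

def der(tag, body=b""):  # constructed-sample helper; short-form length only (< 128 bytes)
    return bytes([tag, len(body)]) + body

def name(cn):  # Name with a single commonName (OID 2.5.4.3) attribute
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))

def fake_pem(issuer_cn, subject_cn):  # unsigned skeleton: only the fields parsed above
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30)
              + name(issuer_cn) + der(0x30) + name(subject_cn))
    body = base64.b64encode(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

CA_PEM, HOST_PEM = fake_pem("Example Root CA", "Example Root CA"), fake_pem("Example Root CA", "ise01.example.test")
EXPORTED = CA_PEM + "\n" + HOST_PEM + "\n"  # constructed bundle, CA certificate first
```

The function raises `ValueError` when the file holds zero or several candidate host certificates, so an ambiguous bundle is not silently reordered.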

 

 
