Cisco Support Community
Community Member

Cisco ISE Fails to Create CSR/Self Signed Certificate

Hi,

I am trying to create a certificate signing request for the Cisco ISE; however, it keeps prompting with an error "Failed to write to file". Looking at the log files, it gives the following errors for both CSR and self-signed certificate creation:

ise-psc.log:

2012-08-13 17:10:41,592 ERROR 2012-08-13 17:33:41,592  [http-443-5][] cpm.admin.infra.action.LocalCertAddAction- Unable to import certificate : com.cisco.cpm.infrastructure.certmgmt.api.CertMgmtException: CSR generation failed: Failed to write to file

pki.log:

Crypto::Result=0, Initialize

Crypto::Result=207, Crypto.Manager.init - Module already initialized

Crypto::Result=0, Initialize Private Key Password Key File

Crypto::Result=0, Private key password key file /opt/CSCOcpm/prrt/config/prikeypwd.key exists, using it

Crypto::Result=0, Generating certificate sign request

Crypto::Result=1, Unable to encode private key

Crypto::Result=1, Unable to encode private key

Crypto::Result=221, Unable to write private key file /opt/CSCOcpm/prrt/config/D09CFE0317AA476B8BA62125B357EB05.key

Crypto::Result=221, Unable to write private key blob by guid

Crypto::Result=0, Shutdown

Crypto::Result=0, Initialize Private Key Password Key File

Crypto::Result=0, Private key password key file /opt/CSCOcpm/prrt/config/prikeypwd.key exists, using it

Crypto::Result=0, Generating self-signed certificate

Crypto::Result=1, Unable to encode private key

Crypto::Result=1, Unable to encode private key

Crypto::Result=221, Unable to write private key file /opt/CSCOcpm/prrt/config/9658B66AD99B40D08153644ABAF4F1EB.key

Crypto::Result=221, Unable to write private key blob by guid

Crypto::Result=0, Shutdown

The ISE version is 1.1. Not too sure what may be causing the error?

Any help is appreciated.

Thanks.

8 REPLIES

Cisco ISE Fails to Create CSR/Self Signed Certificate

Hi,

Did you try rebooting the appliance? I am curious to see if that fixes your problem.

Tarik Admani
*Please rate helpful posts*

Community Member

Cisco ISE Fails to Create CSR/Self Signed Certificate

Did you ever resolve this issue?

I have the same problem

Cisco ISE Fails to Create CSR/Self Signed Certificate

Hi,

Is there another CSR already generated? If so, can you delete it and try it again?

Thanks,

Tarik Admani
*Please rate helpful posts*

Community Member

Cisco ISE Fails to Create CSR/Self Signed Certificate

No other CSR, just the other cert imported from the secondary ISE when registering it as secondary, and that needs to be there, I assume.

Community Member

Cisco ISE Fails to Create CSR/Self Signed Certificate

Rebooting ISE fixed the issue.

Community Member

Cisco ISE Fails to Create CSR/Self Signed Certificate

Hi Tarik,

We just managed to reboot the server and the issue is resolved after reboot. I was wondering if you may know the possible cause of it?

Thanks.

Cisco ISE Fails to Create CSR/Self Signed Certificate

If you could send me the logs when you generate another CSR as a test, I would like to see if the GUID changed or not when it was able to write the private key file:

/opt/CSCOcpm/prrt/config/D09CFE0317AA476B8BA62125B357EB05.key

Thanks,

Tarik Admani
*Please rate helpful posts*
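
Added example (not part of the original thread and not Cisco code): a small Python parser for the pki.log lines quoted in the first post, which reports the operation, result code, target directory and GUID of each failed private key write, so the GUIDs of different attempts can be compared as asked above. The function name and output fields are this example's own, and the log format is assumed to match the quoted lines.

```python
import re
from pathlib import PurePosixPath

# Sample input: the pki.log excerpt quoted in the first post of this thread.
SAMPLE_PKI_LOG = """\
Crypto::Result=0, Initialize
Crypto::Result=207, Crypto.Manager.init - Module already initialized
Crypto::Result=0, Initialize Private Key Password Key File
Crypto::Result=0, Private key password key file /opt/CSCOcpm/prrt/config/prikeypwd.key exists, using it
Crypto::Result=0, Generating certificate sign request
Crypto::Result=1, Unable to encode private key
Crypto::Result=1, Unable to encode private key
Crypto::Result=221, Unable to write private key file /opt/CSCOcpm/prrt/config/D09CFE0317AA476B8BA62125B357EB05.key
Crypto::Result=221, Unable to write private key blob by guid
Crypto::Result=0, Shutdown
Crypto::Result=0, Initialize Private Key Password Key File
Crypto::Result=0, Private key password key file /opt/CSCOcpm/prrt/config/prikeypwd.key exists, using it
Crypto::Result=0, Generating self-signed certificate
Crypto::Result=1, Unable to encode private key
Crypto::Result=1, Unable to encode private key
Crypto::Result=221, Unable to write private key file /opt/CSCOcpm/prrt/config/9658B66AD99B40D08153644ABAF4F1EB.key
Crypto::Result=221, Unable to write private key blob by guid
Crypto::Result=0, Shutdown
"""

LINE = re.compile(r"Crypto::Result=(\d+), (.*)")
KEY_WRITE = re.compile(r"Unable to write private key file (\S+)")

def failed_key_writes(log_text):
    """Return one dict per failed private key write, tagged with its operation."""
    report, op = [], "unknown"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything not in the quoted format
        code, msg = int(m.group(1)), m.group(2)
        if msg == "Shutdown":
            op = "unknown"  # the attempt ended; the next one starts fresh
        elif msg.startswith("Generating "):
            op = msg  # e.g. "Generating certificate sign request"
        elif (hit := KEY_WRITE.match(msg)):
            path = PurePosixPath(hit.group(1))
            report.append({"operation": op, "result": code,
                           "directory": str(path.parent), "guid": path.stem})
    return report

if __name__ == "__main__":
    rows = failed_key_writes(SAMPLE_PKI_LOG)
    for row in rows:
        print(row)
    print("distinct GUIDs:", len({r["guid"] for r in rows}), "of", len(rows), "failed writes")
```

On the quoted log, both attempts fail with result 221 in the same directory but with different GUIDs.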

Community Member

Cisco ISE Fails to Create CSR/Self Signed Certificate

Have you been able to sign that CSR by any third party CA?

I do follow this:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_cert.html#wp1077292 , but when I make a request at a third-party CA, i.e. Thawte has a free trial version:

https://ssl-certificate-center.thawte.com/process/retail/trial_product_selector;jsessionid=75893E7019CD1CC2E330D5403CD8696F?uid=fe2b60347ab27960b866a286146b7c33&locale=THAWTE_US

When I submit a CSR it's giving me an error saying the CSR needs an ORGANIZATION NAME even though I did put a name there.

I have been messing with openssl to create the request somehow.
