Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ISE 1.1.2 and certificates

Hello all,

i have a pretty simple setup, 2 admin/mon node and 2 PSN

Both PSN  have public cert installed and on the admin, i did add a private CA root cert.

Problem: the CA root cert was upgraded from a SHA1 to SHA256RSA. I imported the new CAroot to the CA store on the primary admin node and activated the 'trust for client authentication' but i get a: could not initialize eap-tls,eap-fast,peap. Both cert have the same name, same issuer

Question: Wich certificate are being uses for eap-tls authentication. should i delete the old one on CA store?

endpoint are still using sha1 and some sha256.

am i right to think that client to server is using the CAroot and server to client is using publicCert ?

 

Any hint would be grealty appreciated

 

 

Everyone's tags (1)
66
Views
0
Helpful
0
Replies
CreatePlease to create content