Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ISE can not Import Server Certificate

I want to use 802.1x EAP-TLS protocol authenticate client,then requested web server certificate from Microsoft 2003 CA server and saved it to my PC,  when I open local Certificates>Import Server  page in ISE , there is "Private Key File" item,but I don't know how generate this file.

In addition,after I Submit,ISE prompt "Unable to read certificate file - please be sure file is in PEM or DER format".

Anyone tell me how procedure I do,truly grateful.

Everyone's tags (5)

ISE can not Import Server Certificate


If you generated the CSR on the ISE node locally, you are choosing the wrong option. Please use the "Bind CA Signed Certificate" option instead. The private key is generated already when you created the CSR on the ISE.

As far as your 2nd question what are you doing to get this error? Are you generating a bogus private key file and trying to import this?


Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
Cisco Employee

ISE can not Import Server Certificate

Steps for configuring certificate in ISE

Step 1 :Download the CA’s certificate

Step 2 :Trust the CA in ISE a. In ISE, go to Administration > System > Certificates > Certificates Authority Certificates

b. Add the CA certificate as a trusted certificate

Step 3: Create a certificate signing request (CSR)

Go to Administration > System > Certificates > Local Certificates, and click Add

b. Generate a certificate signing request

c. Export the CSR from Administration > System > Certificates > Certificate Signing Requests

d. Once saved, open the .PEM file with notepad and copy the entire contents to the clipboard.

Step 4: Submit the CSR to the CA for signing

Step 5: Bind the certificate to the signing request

a. In ISE, go to Administration > System > Certificates > Local Certificates and add the certificate by binding the certificate.

Step 6 :Confirm that the new ISE certificate is being used

a. Log out of ISE and close all browser windows

b. Reopen the browser and go to the ISE login page. Confirm that the browser is securing the https session using the new ISE certificate.

CreatePlease to create content