ISe Certificate problem

antero · ‎12-26-2011

i'm installing ISe with certificates, and get a problem when trying to install the certificate.

followyng cisco steps from the book, when do "BIND CA Certificate" to EAP appears a message (as attached) saying that "there is no matching CSR to bind this certificate", when try to management interface only appear an error that "management Certificate must contain teh HOST FQDN in CN component of subjetct field".

I configured the CN correctly as Document said.

Step 3 Create a certificate signing request (CSR)

a. Go to Administration > System > Certificates > Local Certificates, and click

Add

b. Generate a certificate signing request

Attribute Value

Certificate Subject CN=ise-1.demo.local

Key Length 4096

thanks

Antero

Steve Dussault · ‎03-06-2012

Did you ever resolve this? I am getting the same message.

aman.diwakar · ‎03-16-2012

Im seeing the same problem in ISE

Tarik Admani · ‎03-17-2012

Are you using a microsoft CA server? If so are you copying and pasting the output of the CSR using RDP over to the CA? I hit the same issue before and as a workaround i ftp'd the csr file to the CA and copied and pasted it there and generated the cert. (I had to do this since I run a macbook and I can hit the CA page using Mozilla).

Steve Dussault · ‎03-19-2012

In my case I found the issue - the name of the ISE in CLI did not match exactly the name in the CSR. The CSR must match the name of ISE host configured in the CLI.

aman.diwakar · ‎03-26-2012

Same with me, the name is actually case sensitive when creating the CSR.

Ravi Singh · ‎07-31-2013

I also stuck with same issue and later on found that there is problem with ise name in CSR it was not exactly match with ISE. I would suggest you to check the same.

bikespace · ‎08-01-2013

I don't know if its still valid, but there was also a recommendation that the server name should always be lower case. Just thought I'd add that. I'm still sticking to it just in case.

Sent from Cisco Technical Support iPhone App