ISE - enabling CRL breaks all our certificate authentication
we have a strange issue with ISE 1.2(899).
Some of our clients ( PC's, printers, IP phones ) are using certificates to authenticate on the network.
The printers and the IP phones use the same CA produced certificates ( for the record we call it CA Alpha ) but the PC's are using certificates provided by another CA ( called CA Beta ).
The issue that if we configure CRl for CA Alpha ( CRL download is OK, verified with tcpdump ) we saw that all the clients ( clients using CA Alpha or Beta ) cannot authenticate and they are displaying error messages,
12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain
SSL alert: code=0x230=560 ; source=local ; type=fatal ; message="Unknown CA - error unable to get issuer certificate locally"
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...