Cisco Bug: CSCun41732 - ISE Cert Trusted List is not fully read when a corrupted cert is present

Last Modified

Jun 08, 2016

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

1.2(0.899)

Description (partial)

Symptom:
ISE cannot load the complete Trusted Certificates list when a corrupted certificate is present in the list. Certificates listed below the corrupted certificate are not fully read by ISE.

Clients fail certificate authentication if their root certificate is listed below the corrupted certificate in the ISE trusted store. The ISE live logs show the following error:

"12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"

Conditions:
A client performs TLS authentication while a corrupted certificate is present above the client's root certificate in the ISE Trusted Certificate Store.
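The following is an added example, not Cisco code or anything taken from the bug record: a way to audit a trust bundle for the condition described above. It assumes the trusted certificates have been exported into a single PEM file in store order. The function names are hypothetical, and the check covers only base64 and outer DER framing, not full X.509 parsing.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def der_framing_ok(der: bytes) -> bool:
    """True if der is one SEQUENCE whose declared length spans the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length, n length octets
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def audit_bundle(pem_text: str):
    """Check every PEM block in order; a bad block is recorded, not fatal."""
    results = []
    for idx, match in enumerate(PEM_BLOCK.finditer(pem_text)):
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except (binascii.Error, ValueError):
            results.append((idx, "corrupt: bad base64"))
            continue
        results.append((idx, "ok" if der_framing_ok(der) else "corrupt: bad DER framing"))
    return results

def shadowed_entries(results):
    """Positions after the first corrupt entry, i.e. what a stop-at-first-error load skips."""
    for pos, (_, status) in enumerate(results):
        if status != "ok":
            return [idx for idx, _ in results[pos + 1:]]
    return []

def _pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed stand-ins, not real certificates: two well-framed blobs around a truncated one.
GOOD = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
TRUNCATED = bytes([0x30, 0x82, 0x01, 0x00, 0x02])   # declares 256 bytes, carries 1
SAMPLE_BUNDLE = _pem(GOOD) + _pem(TRUNCATED) + _pem(GOOD)

if __name__ == "__main__":
    print(audit_bundle(SAMPLE_BUNDLE), "shadowed:", shadowed_entries(audit_bundle(SAMPLE_BUNDLE)))
```

Entries reported by `shadowed_entries` are the ones whose clients would see error 12514 under the condition above, so they are the ones to re-check after the corrupted entry is removed or replaced.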