Cisco Bug: CSCus19870 - Symantec root CA certificate not automatically trusted by clients
Apr 26, 2018
- Cisco Identity Services Engine (ISE) 3300 Series Appliances
Known Affected Releases
1.2(0.899) 1.2(1.198) 1.3(0.876)
Symptom: When a Symantec certificate is used for ISE validation, the client will throw an error that the Symantec root CA is not trusted. As a result, when an end user connects to ISE for the first time, they get the "Certificate is not trusted" error. This error can be a little confusing and unnerving to those that do not know why it's getting thrown. Conditions: To reproduce this issue, simply use a Symantec CA generated certificate for EAP or HTTPS authentication on ISE. Then, try to authenticate and observe what error is thrown. Next, look at your local certificate store to see what root CAs are already there. The Symantec root CA is probably missing.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases