Cisco Bug: CSCus19870 - Symantec root CA certificate not automatically trusted by clients

Last Modified

Apr 26, 2018

Products (1)

Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.2(0.899) 1.2(1.198) 1.3(0.876)

Description (partial)

Symptom:
When a Symantec certificate is used for ISE validation, the client will throw an error that the Symantec root CA is not trusted. As a result, when an end user connects to ISE for the first time, they get the "Certificate is not trusted" error. This error can be a little confusing and unnerving to those that do not know why it's getting thrown.

Conditions:
To reproduce this issue, simply use a Symantec CA generated certificate for EAP or HTTPS authentication on ISE. Then, try to authenticate and observe what error is thrown. Next, look at your local certificate store to see what root CAs are already there. The Symantec root CA is probably missing.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts