Guest

Preview Tool

Cisco Bug: CSCus19870 - Symantec root CA certificate not automatically trusted by clients

Last Modified

Jun 09, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.2(0.899) 1.2(1.198) 1.3(0.876)

Description (partial)

Symptom:
When a Symantec certificate is used for ISE validation, the client will throw an error that the Symantec root CA is not trusted. As a result, when an end user connects to ISE for the first time, they get the "Certificate is not trusted" error. This error can be a little confusing and unnerving to those that do not know why it's getting thrown.

Conditions:
To reproduce this issue, simply use a Symantec CA generated certificate for EAP or HTTPS authentication on ISE. Then, try to authenticate and observe what error is thrown. Next, look at your local certificate store to see what root CAs are already there. The Symantec root CA is probably missing.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.