Cisco Bug: CSCus84706 - ISE shows internal error while adding cert if there's 2 cert same subj

Last Modified

Apr 26, 2018

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.3(0.876)

Description (partial)

Symptom:
If the certificate trust store contains two certificates with the same subject name (for example, your CA certificate has been renewed but the old one is still valid), ISE shows an internal error when you add a certificate, and the PSC logs show this exception:

com.cisco.cpm.infrastructure.certmgmt.api.CertMgmtException: Error occurred while deleting certificate from NSS DB: java.security.KeyStoreException: This PKCS11KeyStore does not support write capabilities

The certificate nevertheless seems to be added correctly.

Additionally, if you import a renewed certificate that uses the same private key as an existing certificate, the import fails and the certificate is not imported.

Conditions:
You have two certificates with the same subject name in the certificate trust store.