Preview Tool

Cisco Bug: CSCvi66171 - Unable to sign CSR with Basic Constraints Extension

Last Modified

Oct 16, 2018

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases


Description (partial)

When using ISE internal CA to sign CSRs, there is an error when tryin to sign CSR with X509v3 Basic Constraints filed.

Error on the Certificate provisioning portal:
CA error

Logs extract:
2018-03-26 13:20:06,363 DEBUG  [caservice-http-94444][scep job b4a3c483b9c4bf6035795a9fc26e5617c30da1f6 0xf491fa40 request] -:::::- request validation result CR_EXTENSION_UNSUPPORTED
2018-03-26 13:20:06,363 WARN   [caservice-http-94444][scep job b4a3c483b9c4bf6035795a9fc26e5617c30da1f6 0xf491fa40 request] -:::::- Certificate Services Endpoint Certificate request failed validation

- ISE internal CA;
- Certificate provisioning portal;
- CSR containing the fields below:

        Requested Extensions:
            X509v3 Basic Constraints: 
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.