ISE 3.1: Can’t import a wildcard certificate into secondary management node

In a simple split deployment with 2 nodes, each with the PAN, MnT and PSN roles enabled, importing a wildcard certificate for the ISE portals fails: the first node imports it fine, but the certificate is not imported on the second one. Trying to import it again fails with the error message:

“You are attempting to import/generate/update a certificate which exactly matches with existing certificate in the system having same subject and same public key. Please retry the operation with certificate having either a different subject or a different public key than existing certificate.”

To solve this problem, try these steps:

  1. Create a self-signed certificate and move the portal, EAP and any other usage enabled on the wildcard certificate to it.
  2. The affected wildcard certificate is now not in use.
  3. Delete the affected wildcard certificate (now "not in use") and import it again without choosing any usage.
  4. Now the certificate should be imported to all nodes.
  5. Go to the newly imported wildcard certificate, edit it and assign the portal and any other desired usage to it; this now completes successfully.
  6. Remove all certificates that are not in use.
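The error message above rejects a certificate whose subject and public key both match one already in the store, so a renewed certificate that reuses the old key is caught as well as an identical file. The following script is an added example, not part of the original post and not ISE's own logic: it compares two PEM files on those two properties with `openssl` before you attempt the import. The function names, file names and the `*.example.test` subject are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare two PEM certificates on the two properties named in
# the ISE error message (subject and public key). Helper names are hypothetical.

# Print the subject DN of a PEM certificate in RFC 2253 form.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Print the SHA-256 of the DER-encoded SubjectPublicKeyInfo (the public key).
cert_spki_sha256() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 when both files carry the same subject AND the same public key,
# i.e. the condition the error message describes as an exact match.
same_identity() {
  [ "$(cert_subject "$1")" = "$(cert_subject "$2")" ] &&
    [ "$(cert_spki_sha256 "$1")" = "$(cert_spki_sha256 "$2")" ]
}

# Build constructed sample certificates in directory $1:
#   a.pem        original wildcard certificate
#   renewed.pem  same key and subject, different validity and serial
#   rekeyed.pem  same subject, freshly generated key
make_samples() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/a.key" \
    -out "$1/a.pem" -subj "/CN=*.example.test" -days 30 2>/dev/null
  openssl req -x509 -key "$1/a.key" \
    -out "$1/renewed.pem" -subj "/CN=*.example.test" -days 60 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/b.key" \
    -out "$1/rekeyed.pem" -subj "/CN=*.example.test" -days 30 2>/dev/null
}

# Usage: ./script.sh existing.pem candidate.pem
if [ "$#" -eq 2 ]; then
  if same_identity "$1" "$2"; then
    echo "MATCH: same subject and public key"
    echo "subject: $(cert_subject "$1")"
    echo "spki sha256: $(cert_spki_sha256 "$1")"
  else
    echo "DIFFERENT: subject or public key differs"
  fi
fi
```

A `MATCH` result for a certificate exported from the first node and the file you are about to import means the two are duplicates in the sense of the error message.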

Hope that this helps others to solve this issue.
