Cisco Cisco Identity Services Engine Express License Bundle Troubleshooting Guide
In this example, assume that HTTPS restarts the ISE service.
In order to verify the certificate status on the ISE server, enter this command into the CLI:
CLI:> show application status ise
2.
Once all of the services are active, attempt to log in as an administrator.
3.
For a distributed deployment scenario, navigate to Administration > System > Deployment > Node
Status on the ISE console, and verify the node status.
Status on the ISE console, and verify the node status.
4.
Check that the end user authentication is successful. On the ISE console, navigate to Operations >
Authentications, and review the certificate for Protected Extensible Authentication Protocol
(PEAP)/EAP−Transport Layer Security (TLS) authentication.
Authentications, and review the certificate for Protected Extensible Authentication Protocol
(PEAP)/EAP−Transport Layer Security (TLS) authentication.
5.
Verify Certificate
If you want to check the certificate externally, you can use the embedded Microsoft Windows tools or the
OpenSSL toolkit.
OpenSSL toolkit.
OpenSSL is an open−source implementation of the Secure Sockets Layer (SSL) protocol. If the certificates
use your own private CA, you must place your root CA certificate on a local machine and use the OpenSSL
option −CApath. If you have an intermediate CA, you must place it into the same directory as well.
use your own private CA, you must place your root CA certificate on a local machine and use the OpenSSL
option −CApath. If you have an intermediate CA, you must place it into the same directory as well.
In order to obtain general information about the certificate and verify it, use:
openssl x509 −in certificate.pem −noout −text
openssl verify certificate.pem
It might also be useful to convert the certificates with the OpenSSL toolkit: