Tuesday, October 16, 2012

Neuron: Generating a CSR for Cisco ISE and Windows 2003 CA

If you have a Windows 2003 based Certificate Authority (CA) in your enterprise, you need to keep one thing in mind when generating a Certificate Signing Request (CSR) from Cisco ISE.  By default Cisco ISE uses SHA-256 for the CSR.  Windows 2003 only supports SHA-1.  So when you generate the request, make sure to select SHA-1.  This will save you countless headaches and hours of frustration.


5 comments:

  1. Benjamim, how to select the sha-1 on ISE 1.1?
    I didnt find this options and I am having a big headache generating this CSR.

    ReplyDelete
  2. The menu for SHA-1 vs SHA-256 is shown after you go to Certificates and click Add and then Generate CSR. See the new picture above.

    ReplyDelete
  3. Already found it thought that field was not editable tks!!!!

    ReplyDelete
  4. Hei Benjamin, here I am again

    do you know how to profile Active Directory machines??

    ReplyDelete
  5. I haven't gotten that far into my deployment yet. I'm taking it one baby step at a time in between other projects.

    ReplyDelete