Requirements
Generate CSR
in Central Management
Skip CSR
in Central Management
File Format*
PEM (.cer, .crt, .pem) or
PKCS#12 (.p12, .pfx, .pks)
PKCS#12 (.p12, .pfx, .pks)
Keys*
RSA Key Lengths Available:
2048 bits (not recommended),
4096 bits, or 8192 bits
ECDSA Curves: Not available
RSA Key Lengths Required:
2048 bits (not recommended) or
more
or
ECDSA Key Curves Required:
NIST P-256, P-384, or P-521
Signed By
Confirm the client identity
certificate is self-signed or
signed by a Certificate Authority.
Confirm the client identity
certificate is self-signed or
signed by a Certificate Authority.
Authentication
(Extended Key
Usage)*
The CSR requests client
(clientAuth)authentication.
Client (clientAuth) authentication
is required for client identity
certificates.
Date Range
Confirm the certificate dates are
current and not expired.
Confirm the certificate dates are
current and not expired.
*If you generate the CSR in Central Management, the listed requirements designated
with (*) are included in the CSR.
Testing the Configuration
After deploying the certificates, go to ISE Troubleshooting TechNotes article,
https://www.cisco.com/c/en/us/support/docs/security/identity-services-
engine/217511-troubleshoot-sna-ise-integration-conn.html, to verify that the ISE
integration with Secure Network Analytics is configured correctly.
If the ISE management channel is down in Secure Network Analytics after you’ve updated
to v7.5.0, restart ISE and check the configuration. Then, refresh the ISE Configuration
page in Secure Network Analytics. Refer to Refresh the ISE Configuration page for
more information.
© 2024 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 5 -
Introduction