Blog |Follow Nick on Mastodon| About
 

This is a good one where Android devices will provision but Apple iOS will not.... and it only happens with Publicly Signed Certificates (installed on the ISE PSN).

As per the screenshot, the iPhone profile installation fails with the error Profile Installation Failed and The Registration Authority's response is invalid.

Check to see if your certificate has a Digicert chain. See Cisco Bug CSCul69023. Take a look at the work around:

Open the ISE admin GUI with Firefox, View the certificate, the chain, click on "DigiCert High Assurance EV Root CA"

Export it and then import it on ISE Certificate Store

Nice, init? If you imported your certificate using the Root Chain from Internet Explorer then the iPhone complains, it needs a specific root CA.

 

 
Nick Bettison ©