Welcome to Cisco DNAC - ISE Collector Keystores Generation Utility!

This utility guides you through the Cisco DNA Center Assurance and Cisco ISE integration, and also creates the required Cisco DNAC-compatible certificates from ISE certificates.

This utility is available AS-IS without any support, warranty or liability of any sort. Use it at your own discretion.

For reporting corrections / feedback, send an email to Anand Kanani - [email protected].

Cisco Documentation Reference:- https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-1/user_guide/b_dnac_ug_1_2_1/b_dnac_ug_1_2_chapter_010010.html


Step 1:- OpenSSL Cert Store ZIP files (KeyStore and TrustStore) Generation from ISE

  1. Log into Cisco ISE.
  2. From the Cisco ISE home page, choose Administration > pxGrid Services > Certificates.
  3. Do the following:
    - From the I want to drop-down list, choose Generate cert (without certificate signing request).
    - In the Common Name (CN) field, enter the name of the Cisco DNA Center server including domain name. For example, ciscodnac.yourdomain.com.
    - From the Subject Alternative Name (SAN) drop-down list, choose IP address, and then enter the Cisco DNA Center IP address in the field provided.
    - From the Certificate Download Format drop-down list, choose PKCS format (including certificate chain; one file for both the certificate name and key).
    - In the Certificate Password field, enter - C#sco123
    - Click Create. A Zip file is generated.
    This is your KeyStore Zip File.
  4. On the same page, again do the following:
    - From the I want to drop-down list, choose Download Root Certificate Chain.
    - In the Host Name field, enter a host name.
    - From the Certificate Download Format drop-down list, choose Certificate in Privacy Enhanced Electronic Mail (PEM) format, key in PKCS8 format (including certificate chain).
    - Click Create. A Zip file is generated.
    This is your TrustStore Zip File.


Step 2:- Upload OpenSSL Cert Store ZIP files and Convert them to Java Key Stores
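
  One way to do the ZIP-to-JKS conversion locally with the JDK's keytool, as an added example (not this utility's own code): it unpacks the two ISE ZIP files from Step 1 and produces keystore.jks and truststore.jks. Assumptions: the KeyStore ZIP holds one .p12/.pfx file and the TrustStore ZIP holds PEM certificates; the intermediate file names, the ise-trust-N aliases and the STORE_PASS environment variable (set to the certificate password from Step 1) are illustrative choices.

```python
import os, re, subprocess, sys, zipfile
from pathlib import Path

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def plan_conversion(keystore_zip, truststore_zip, workdir):
    """Unpack both ISE ZIPs into workdir; return the keytool argv lists to run."""
    work = Path(workdir)
    with zipfile.ZipFile(keystore_zip) as z:
        # Assumption: the KeyStore ZIP holds exactly one PKCS#12 file.
        p12 = [n for n in z.namelist() if n.lower().endswith((".p12", ".pfx"))]
        if len(p12) != 1:
            raise ValueError(f"expected one PKCS#12 file, found {p12}")
        src = work / "ise-identity.p12"   # fixed name: ZIP member paths are never trusted
        src.write_bytes(z.read(p12[0]))
        os.chmod(src, 0o600)              # contains the private key
    # ":env" makes keytool read the passphrase from STORE_PASS, keeping it off argv.
    cmds = [["keytool", "-importkeystore", "-noprompt",
             "-srckeystore", str(src), "-srcstoretype", "PKCS12",
             "-srcstorepass:env", "STORE_PASS",
             "-destkeystore", str(work / "keystore.jks"), "-deststoretype", "JKS",
             "-deststorepass:env", "STORE_PASS"]]
    seen = set()
    with zipfile.ZipFile(truststore_zip) as z:
        for name in sorted(z.namelist()):
            # keytool -importcert adds one trusted certificate per call, so bundles
            # are split; private-key PEM blocks never match PEM_CERT and are skipped.
            for pem in PEM_CERT.findall(z.read(name)):
                if pem in seen:
                    continue
                seen.add(pem)
                cert = work / f"trust-{len(seen)}.pem"
                cert.write_bytes(pem + b"\n")
                cmds.append(["keytool", "-importcert", "-noprompt", "-trustcacerts",
                             "-alias", f"ise-trust-{len(seen)}", "-file", str(cert),
                             "-keystore", str(work / "truststore.jks"),
                             "-storetype", "JKS", "-storepass:env", "STORE_PASS"])
    return cmds

def convert(keystore_zip, truststore_zip, workdir, passphrase):
    """Run the planned keytool commands (requires a JDK's keytool on PATH)."""
    env = dict(os.environ, STORE_PASS=passphrase)
    for argv in plan_conversion(keystore_zip, truststore_zip, workdir):
        subprocess.run(argv, check=True, env=env)
    return Path(workdir) / "keystore.jks", Path(workdir) / "truststore.jks"

if __name__ == "__main__":  # usage: STORE_PASS=... python convert.py ks.zip ts.zip outdir
    convert(sys.argv[1], sys.argv[2], sys.argv[3], os.environ["STORE_PASS"])
```

  The resulting keystore.jks and truststore.jks are the files uploaded in Step 3.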


Step 3:- Configure Cisco DNA Center Assurance and Cisco ISE Integration

  1. Log into Cisco DNAC.
  2. From the Cisco DNA Center Home page, choose ((Settings Wheel Icon)) > System Settings > Data Platform > Collectors.
  3. Click Collector-ISE. The Collector-ISE page appears.
  4. Click + Add. The ISE Collector Configuration page appears.
  5. Do the following:
    - In the ISE Service IP Address field, enter the IP address of the ISE server.
    - Enter the ISE username and password in the Username and Password fields.
    - From the Truststore File area, upload the truststore.jks file that was just generated by this utility; the passphrase is C#sco123
    - From the Keystore File area, upload the keystore.jks file that was just generated by this utility; the passphrase is C#sco123
    - (Optional) Check the Anonymize check box if you want to hide the user name.
    - In the Subscriber Name field, enter cisco-dnac-assurance as the name of the pxGrid subscriber.
    - In the Configuration Name field, enter a unique name for this configuration.
    - Click Save Configuration.


You are All Set to Rock and Roll with this! Enjoy Assurance!