Welcome to Cisco DNAC - ISE Collector Keystores Generation Utility!

This utility guides in Cisco DNA Center Assurance and Cisco ISE Integration, and also creates the required Cisco DNAC compatible certificates from ISE certificates.

This utility is available AS-IS without any support, warranty or liability of any sort. Use it at your own discretion.

For reporting corrections / feedback, send an email to Anand Kanani - [email protected]. Check out all my scripts here

Cisco Documentation Reference:- https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-1/user_guide/b_dnac_ug_1_2_1/b_dnac_ug_1_2_chapter_010010.html

Step 1:- OpenSSL Cert Store ZIP files (KeyStore and TrustStore) Generation from ISE

Log into Cisco ISE.
From the Cisco ISE home page, choose Administration > pxGrid Services > Certificates
Do the following:
- From the I want to drop-down list, choose Generate cert (without certificate signing request).
- In the Common Name (CN) field, enter the name of the Cisco DNA Center server including domain name. For example, ciscodnac.yourdomain.com.
- From the Subject Alternative Name (SAN) drop-down list, choose IP address, and then enter the Cisco DNA Center IP address in the field provided.
- From the Certificate Download Format drop-down list, choose PKCS format (including certificate chain; one file for both the certificate name and key).
- In the Certificate Password field, enter - C#sco123
- Click Create. A Zip file is generated.
This is your KeyStore Zip File
On the same page, again Do the following:
- From the I want to drop-down list, choose Download Root Certificate Chain.
- In the Host Name field, enter a host name.
- From the Certificate Download Format drop-down list, choose Certificate in Privacy Enhanced Electronic Mail (PEM) format, key in PKSCB format (including certificate chain).
- Click Create. A Zip file is generated.
This is your TrustStore Zip File

Step 2:- Upload OpenSSL Cert Store ZIP files and Convert them to Java Key Stores

Note that you will need to upload the files to our server for the purpose of conversion. You can delete them once you are done. If you do not prefer uploading your files, then download an offline binary version of this utility for Windows or for Mac. Note that you will need Java (JDK) installed for this utility to function.

Step 3:- Configure Cisco DNA Center Assurance and Cisco ISE Integration

Log into Cisco DNAC.
From the Cisco DNA Center Home page, choose ((Settings Wheel Icon)) > System Settings > Data Platform > Collectors.
Click Collector-ISE. The Collector-ISE page appears.
Click + Add. The ISE Collector Configuration page appears.
Do the following:
- In the ISE Service IP Address field, enter the IP address of the ISE server.
- ISE Username and Password in the Username and Password fields.
- From the Truststore File area, upload the truststore.jks file that was just generated by this utility and the passphrase is C#sco123
- From the Keystore File area, upload the keystore.jks file that was just generated by this utility and the passphrase is C#sco123
- (Optional) Check the Anonymize check box if you want to hide the user name.
- In the Subscriber Name enter cisco-dnac-assurance as the name of the pxGrid subscriber.
- In the Configuration Name enter a unique name for this configuration.
- Click Save Configuration.