I am using an ISE service to authenticate my mobile devices (PEAP through WLC), but we havn't an internal PKI. To solve this fact, i'm dealing with a public certificate provider to get a public certificate for a public domain i'm owning.
The CSR include a public name as CN (auth.mydomain.net), and the private name of the server as SAN (ise01.localdomain.ve), but the public certificate provider answers me that the "ve" extension is the public extension for Venezuela, so he cannot generate this SAN certficate if I don't own this public "localdomain.ve" domain...
My question is the following : I know we can specify IP on the SAN field, but do you think I can specify only the private IP address, without DNS name ? In other words, do you think that ISE can accept a certificate with a public name as CN and only its private IP address as SAN ?
Thanks a lot for your answers !