ISE Certificate and SAN content.

Apr 23rd, 2014
Hello,

I am using an ISE service to authenticate my mobile devices (PEAP through WLC), but we don't have an internal PKI. To solve this, I'm dealing with a public certificate provider to get a public certificate for a public domain I own.

The CSR includes a public name as CN (auth.mydomain.net), and the private name of the server as SAN (ise01.localdomain.ve), but the public certificate provider answers me that the "ve" extension is the public extension for Venezuela, so he cannot generate this SAN certificate if I don't own this public "localdomain.ve" domain...

My question is the following: I know we can specify an IP in the SAN field, but do you think I can specify only the private IP address, without a DNS name? In other words, do you think that ISE can accept a certificate with a public name as CN and only its private IP address as SAN?

Thanks a lot for your answers!

Emeric.

Saurav Lodh Thu, 04/24/2014 - 03:34
The Subject Alternative Name field:

Subject Alternative Names let you protect multiple host names with a single SSL certificate.

Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate.
Secure host names on different base domains in one SSL Certificate. A wildcard certificate can protect all first-level subdomains on an entire domain, such as *.example.com. But a wildcard cannot protect both www.example.com and www.example.net.

Please refer to:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide...

emeric.niquet Thu, 04/24/2014 - 12:38
Hi Salodh,

Thanks for your reply.

I have already read the ISE 1.2 documentation, but I haven't seen a confirmation that using only an IP address in the SAN field wouldn't work...

Another confirmation I need about SAN: if I own 2 ISEs and I don't want to use a wildcard in the SAN field, can I specify the DNS name of each ISE to share the same certificate for the 2 ISEs?

Thanks a lot for your answer.

Regards, Emeric.

abwahid Wed, 09/17/2014 - 07:18
Hi,

Please go through the Wild Card Certificate section of the same document which salodh shared, for your query.
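
An added illustration, not part of the thread or of Cisco's documentation: the sketch below shows how a verifying client typically matches a name against a certificate's SAN entries (simplified RFC 6125-style rules), covering the wildcard limits described above and a SAN list naming two nodes. All host names and the IP address are constructed, and the code says nothing about which SAN contents ISE or a public CA will accept.

```python
import ipaddress


def _dns_match(pattern: str, host: str) -> bool:
    """Match one dNSName entry; '*' counts only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # require at least two fixed labels after the wildcard
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_covers(san_entries, target: str) -> bool:
    """san_entries: list of ("DNS", name) or ("IP", address) tuples."""
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None  # target is a host name, not an IP literal
    for kind, value in san_entries:
        if target_ip is not None:
            # an IP target is compared only with iPAddress entries
            if kind == "IP" and ipaddress.ip_address(value) == target_ip:
                return True
        elif kind == "DNS" and _dns_match(value, target):
            return True
    return False


# Constructed SAN lists (hypothetical names, documentation address range)
TWO_NODES = [("DNS", "ise01.example.net"), ("DNS", "ise02.example.net")]
WILDCARD = [("DNS", "*.example.com")]
IP_ONLY = [("IP", "192.0.2.10")]

if __name__ == "__main__":
    checks = [
        ("two-node SAN", TWO_NODES, "ise02.example.net"),
        ("wildcard, same domain", WILDCARD, "www.example.com"),
        ("wildcard, other domain", WILDCARD, "www.example.net"),
        ("IP-only SAN, reached by name", IP_ONLY, "ise01.example.net"),
        ("IP-only SAN, reached by IP", IP_ONLY, "192.0.2.10"),
    ]
    for label, san, name in checks:
        print(f"{label:30} {name:20} covered={san_covers(san, name)}")
```
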

 

 
