Cisco Support Community
Community Member

Does ISE support wildcard certificates?

Hello guys,

My customer doesn't have a CA, but instead has wildcard certificates.

I will implement ISE in 3 different locations (each location independent and with all ISE services). I haven't looked in depth into wildcard certs, but does ISE support this type of certificate? The certs I need are only for corporate users not to be shown the SSL cert error when accessing ISE portals.

If wildcard certificates are supported, will every independent site then need to create a separate CSR for each one of them?

Thanks!

Emilio

2 ACCEPTED SOLUTIONS

Community Member

Does ISE support wildcard certificates?

Version 1.2, which just came out, appears to, but the older version did not.

Cisco Employee

Re: Does ISE support wildcard certificates?

It seems to be added in ISE 1.2

Wildcard Certificates

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_cert.html#wp1053232

~BR
Jatin Katyal

**Do rate helpful posts**

4 REPLIES
Community Member

Re: Does ISE support wildcard certificates?

Thanks guys, so I'm assuming the following (please correct me if I'm wrong).

I have 2 different locations, each one of them with its own ISE in standalone mode, but they depend on the same wildcard certificates entity and share DNS, NTP, etc.

They will each have their own URLs for the sponsor, guest and device portals, so I am assuming that I will have to send a CSR with all needed FQDNs for each site, right? That makes a total of 2 wildcard certs, one for each ISE deployment?

Thanks!

Emilio

Community Member

Does ISE support wildcard certificates?

Support for Universal Certificates:

Cisco ISE, Release 1.2 supports the use of wildcard server certificates for HTTPS (web-based services) and EAP protocols that use SSL/TLS tunneling. With the use of universal certificates, you no longer have to generate a unique certificate for each Cisco ISE node. Also, you no longer have to populate the SAN field with multiple FQDN values to prevent certificate warnings. Using an asterisk (*) in the SAN field allows you to share a single certificate across multiple nodes in a deployment and helps prevent certificate-name mismatch warnings.

For more information, refer to the Cisco Identity Services Engine User Guide, Release 1.2. Kindly find the attached PDF for your clarification that ISE 1.2 supports wildcard certificates. I have also highlighted the same on page 14.
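How a wildcard SAN entry is matched against portal FQDNs, as an added example that is not part of this thread or of Cisco's documentation. It follows the common RFC 6125 rule that the asterisk stands for exactly one left-most label. All hostnames are constructed, and the two-fixed-label minimum is an assumed client policy.

```python
# Added example: which portal FQDNs does a wildcard SAN entry actually cover?
# Matching follows the common RFC 6125 rule; it is not ISE's own code.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a SAN dNSName entry covers the hostname.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # Reject wildcards outside the left-most label and partial ones (ise*).
    if any("*" in label for label in p[1:]) or ("*" in p[0] and p[0] != "*"):
        return False
    if p[0] == "*":
        # Assumed policy: at least two fixed labels after '*' (rejects '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(san_entries, hostnames):
    """List the hostnames that would still trigger a name-mismatch warning."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_entries)]


# Constructed SAN list and portal names for two standalone sites.
SAN_ENTRIES = ["ise.example.com", "*.example.com"]
PORTALS = [
    "sponsor.example.com",        # one label under the domain: covered
    "guest.example.com",          # covered
    "ise-site2.example.com",      # covered
    "sponsor.site2.example.com",  # two labels deep: not covered
    "example.com",                # bare domain: not covered
]

if __name__ == "__main__":
    for name in uncovered(SAN_ENTRIES, PORTALS):
        print("not covered by certificate:", name)
```

If each site uses its own subdomain, each needs its own wildcard entry (for example one per `site.example.com` zone); if all portals sit one label under the same domain, a single wildcard entry covers them.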
