Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Guest portal certificate on ise

Background:

      Customer don't have an internal DNS server. We are using the google DNS server, which doesn't resolve the internal guest ISE server name. Hence, we are directly using the ip-address in redirect URL and guest authentication portal.

Question:

   Which certificate I need to use for the guest login portal to avoid the cert error. We tried ipaddress(10.1.1.1) in cert common name , Firefox showed cert error(invalid - for not matching-10.1.1.1:8443 ). Then, we tried DNS name as common name and IP address as subject alternate name. Most of the browsers worked fine. Internet explorer gave certificate error. Do you think of any other solution?

 

Everyone's tags (4)
2 REPLIES
New Member

There are several things that

There are several things that need to be setup correctly for clients to see a certificate as valid.

1. The redirect needs to use a DNS name that the client can resolve

2. DNS name used above must be in the certificate as CN or a SAN

3. If the redirect uses a fully qualified domain name then this also needs to be in the certificate

4. Client needs to have the ROOT cert and any required intermediates in it certificate store.

Using IP address in the SAN should work but if you want to use a publicly signed cert on ISE then you cannot use IP address because the certificate authorities will no long support this.

You could try using 10.1.1.1:8443 in the SAN to see if this works but you will still need to ensure that the client device has the certificates ROOT and intermediates in its certificate store.

Hope this helps

 

 

Cisco Employee

check the following

check the following threads

https://supportforums.cisco.com/discussion/12085906/ise-domain-name-certificates-and-guest-portal

431
Views
0
Helpful
2
Replies