I need to install a wildcard cert on ISE, but have no experience with wildcards. I have the *.domain certificate, but I am not sure of the process, and the Cisco docs add to the confusion. Am I supposed to generate a new CSR to give to the CA, or do I simply install the *.domain cert? I have read the install guide and it of course makes the assumption that you know what you're talking about, and when it comes to installing wildcards, I don't know...
I have not yet created the CSR, and thank you for the instructions. My confusion is this:
I have the actual wildcard cert (*.domain.com cert), along with the CA bundle. I have imported the CA bundle already, but is there anything I should be doing with the *.domain.com cert?
Does it need to be imported, or is it useless? My understanding of a wildcard cert is that the single cert can be installed on whatever you'd like to use it on... or do you still need to go through the CSR process for each application on which you'd like to use it?
Unfortunately, you first need to create a CSR with the wildcard filled in on either the CN or DNS fields, and then you need to get this CSR signed by the CA using the exact same values and bind it again to the CSR on the ISE configuration.
A word of caution. If you are planning to use this cert for 802.1x in BYOD environments, you should look into using a SAN cert instead, with all your PSNs in it. Wildcard certs are not good for Windows machines in a PEAP/BYOD scenario, and iOS also has issues with certain wildcard certs.
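An added illustration of the SAN-versus-wildcard point in the reply above (not part of the thread and not Cisco code): a small Python check that tells you, for each PSN, whether a certificate names it explicitly, covers it only through a wildcard, or misses it. The host names and SAN lists are constructed samples, and the matching rule assumed is the common one where `*` stands for exactly one left-most label.

```python
# Added example. All host names and SAN lists are constructed samples.

def san_matches(san: str, host: str) -> bool:
    """Match one dNSName entry against a host name.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.example.com does not cover a.b.example.com.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Require at least a two-label suffix after the wildcard.
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def audit_psn_coverage(san_entries, psn_fqdns):
    """Classify each PSN as 'explicit', 'wildcard-only' or 'missing'."""
    report = {}
    for psn in psn_fqdns:
        matches = [s for s in san_entries if san_matches(s, psn)]
        if any(not s.startswith("*.") for s in matches):
            report[psn] = "explicit"
        elif matches:
            report[psn] = "wildcard-only"  # the case the reply warns about
        else:
            report[psn] = "missing"
    return report


# Constructed inputs: the dNSName entries of two candidate certificates
# and the PSN FQDNs that clients will connect to.
WILDCARD_CERT_SANS = ["*.example.com"]
SAN_CERT_SANS = ["ise.example.com", "psn1.example.com", "psn2.example.com"]
PSN_FQDNS = ["psn1.example.com", "psn2.example.com", "psn3.lab.example.com"]

if __name__ == "__main__":
    for name, sans in (("wildcard cert", WILDCARD_CERT_SANS),
                       ("SAN cert", SAN_CERT_SANS)):
        print(name)
        for psn, status in audit_psn_coverage(sans, PSN_FQDNS).items():
            print(f"  {psn}: {status}")
```

Any PSN reported as `wildcard-only` or `missing` is one to add to the SAN list before the certificate is requested.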