Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Installing wildcard cert on ISE for HTTP/EAP

I need to install a wildcard cert on ISE, but have no experience with wildcards.  I have the *.domain certificate, but i am not sure of the process, and the Cisco docs add to the confusion.  Am i supposed to generate a new CSR to give to the CA, do i simply install the *.domain cert?  I have read the install guide and it of course makes the assumption that you know what you're talking about, and when it comes to installing wildcards, i don't know...

Any assistance would be greatly appreciated

Everyone's tags (2)
New Member

Hi,In order to create CSR


In order to create CSR file from the ISE using a wildcard certificate, you can do the following:

From the CSR page, enter the CN=*

and If you have a specific DNS entry for your ISE like under the SAN fields.

Also, you need to check the box of "Allow Wildcard Certificate".

After that, you can generate and export the CSR and submit it to your CA to get the ID certificate (which you will bind it with the CSR).

Also, you need the CA certificate itself to be added on the ISE certificate store.




New Member

I have not yet created the

I have not yet created the CSR, and thank you for the instructions.  My confusion is this:

I have the actual wildcard cert (* cert), along with the CA bundle.  I have imported the CA bundle already, but is there anything i should be doing with the * cert?

Does it need to be imported, or is it useless?  My understanding of a wildcard cert is that the single cert can be installed on whatever you'd like to use it on... or do you still need to go through the CSR process for each application on which you'd like to use it?

New Member

Unfortunately, you need first

Unfortunately, you need first to create a CSR with wildcard filed either on the CN or DNS fields, and then you need to sign this CSR from the CA using the exact same values and bind it again to the CSR on the ISE configuration.

Cisco Employee

If you are already in the

If you are already in the possession of the wildcard cert and the private key, then you don't need CSR. You can simply import the certificate in ISE:

1. Go to Administration > Certificates > Local Certificates >  Add > Import Server Certificate

2. Use the "browse" buttons to point to the certificate file and private key

3. Check "Allow Wildcard Certificates"

4. Select the protocol that you want to use it for (EAP or HTTPS or both)

5. Hit submit

6. Go to Certificates Store

7. Import the root CA certificate and Intermediate CA certificate(s) (If any)


Thank you for rating helpful posts!


Thank you for rating helpful posts!

A word of caution. If you are

A word of caution. If you are planning to use this cert for 802.1x in BYOD environments you should look into using a SAN cert instead. with all your PSNs in it, wildcard certs are not good for windows machines in e peap/byod scenario, and iOS also has issues with certain wildcard certs.

CreatePlease to create content