A wildcard certificate uses a wildcard notation (an asterisk and period before the domain name) and allows the certificate to be shared across multiple hosts in an organization. ISE 1.2 support the use of wildcard certificate. For more information over configuration you can see the below link
I agree with what you are saying but it seems that your statement contradicts the write up on the Cisco user guide for 1.2, there are no limitations and one of the benefits stated by the doc is that you can use wildcard certs as a cost saving measure which will allow you to install the cert on all ISE nodes.
I do have a corporate wildcard certificate and I will attempt to register two nodes together and see what the result is.
Also the true benefit of a wildcard cert is where the CN is *.domain.com, you should not have to generate a CSR where the CN=iseblah.domain.com with a SAN of *.domain.com, I do not think that is a cost effective wildcard cert since the CN has the fqdn of the ISE node.
I am in the process of a new ISE deployment and have come across an isue with the wildcard cert and generating the CSR. I have also spoken with TAC and the are telling me the same thing I am reading in the Cisco DOC so am missing somethng somewhere.
I am being told that ISE REQUIRED a FQDN for the CN and then you place the wildcard in teh SAN. So far two different CA providers are tellng me I cannot generate a wild card certificate this way. How has anyone else gotten this to work. When I pressed TAC I was told it would probably work with the CN containing the wildcard but there have been reported issues specifically with microsoft clients. Considering the cost of the cert is several hundred dollars I do not want to be wrong.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :