Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE Certificate and SAN content.

Hello,

I am using an ISE service to authenticate my mobile devices (PEAP through WLC), but we havn't an internal PKI. To solve this fact, i'm dealing with a public certificate provider to get a public certificate for a public domain i'm owning.

The CSR include a public name as CN (auth.mydomain.net), and the private name of the server as SAN (ise01.localdomain.ve), but the public certificate provider answers me that the "ve" extension is the public extension for Venezuela, so he cannot generate this SAN certficate if I don't own this public "localdomain.ve" domain...

My question is the following : I know we can specify IP on the SAN field, but do you think I can specify only the private IP address, without DNS name ? In other words, do you think that ISE can accept a certificate with a public name as CN and only its private IP address as SAN ?

Thanks a lot for your answers !

Emeric.

Everyone's tags (1)
3 REPLIES

The Subject Alternative Name

The Subject Alternative Name field :

Subject Alternative Names let you protect multiple host names with a single SSL certificate.

Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate.
Secure host names on different base domains in one SSL Certificate. A wildcard certificate can protect all first-level subdomains on an entire domain, such as *.example.com. But a wildcard cannot protect both www.example.com and www.example.net.

Please refer

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_e_man_cert.html

 

 

Community Member

Hi Salodh, Thanks for your

Hi Salodh,

 

Thanks for your reply.

 

I already have read documentations of ISE1.2, but I haven't see a confirmation that using only IP address on the SAN field wouldn't work...

 

Another confirmation I need about SAN : if i own 2 ISE and I don't want to use a wildcard on the SAN field, can I specify the DNS name of each ISE to share the same certificate for the 2 ISE ?

Thanks a lot for your answer.

 

Regards, Emeric.

Bronze

Hi,please go through the Wild

Hi,

please go through the Wild Card Certificate section of the same document which salodh share.

for your query.

 

 

80
Views
0
Helpful
3
Replies
CreatePlease to create content