https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990665#M37584 <P>The ISE CA is not trusted by any mobiles. The ISE generates a ROOT CA cert and then it issues a cert to the ISE&nbsp;Sub/Intermediate CA. This is the CA that issues certs for BYOD.</P> <P>&nbsp;The truted cert you bought&nbsp;is for the ISE system identification.</P> Wed, 16 Nov 2016 05:36:59 GMT Andre Neethling 2016-11-16T05:36:59Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990662#M37581 <P>Hello,</P> <P></P> <P>We bought a cert for ISE.(EAP, &nbsp;admin and default portal).We can check "validate server cert" now.But when we connect to the wifi,it show a non-trust cert.</P> <P>I have two question.</P> <P>1.What is that cert?</P> <P>2.Anyway to let the client trust this cert(already buy a public cert)?</P> <P></P> <P>Duncan</P> Mon, 11 Mar 2019 07:14:00 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990662#M37581 cheungchunyu 2019-03-11T07:14:00Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990663#M37582 <P>Is this with all BYOD devices?</P> <P>From 1.3, ISE has an integrated CA for BYOD. This CA's Root Certificate is self signed. This is most probably the cert you are not trusting.</P> Wed, 16 Nov 2016 04:56:48 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990663#M37582 Andre Neethling 2016-11-16T04:56:48Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990664#M37583 <P>Hello,</P> <P>As I mention,we already import a system cert(not self-signed) in ISE.So I believe that mobile endpoint will not received any warning on cert.</P> <P>If you said is correct,we need to buy another CA root cert for ise?</P> <P></P> <P>Duncan</P> <P>&nbsp;</P> Wed, 16 Nov 2016 05:20:58 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990664#M37583 cheungchunyu 2016-11-16T05:20:58Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990665#M37584 <P>The ISE CA is not trusted by any mobiles. The ISE generates a ROOT CA cert and then it issues a cert to the ISE&nbsp;Sub/Intermediate CA. This is the CA that issues certs for BYOD.</P> <P>&nbsp;The truted cert you bought&nbsp;is for the ISE system identification.</P> Wed, 16 Nov 2016 05:36:59 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990665#M37584 Andre Neethling 2016-11-16T05:36:59Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990666#M37585 <P>Hello,</P> <P></P> <P>Any way to solve this issue or prevent it happen again?</P> <P></P> <P>Duncan</P> Wed, 16 Nov 2016 05:38:54 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990666#M37585 cheungchunyu 2016-11-16T05:38:54Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990667#M37586 <P>Maybe you can add the ISE Sub CA and Root CA certs&nbsp;to the trusted certs of the mobiles. But I suspect this is not a viable option due to the fact that the mobiles are not under your control.</P> Wed, 16 Nov 2016 05:41:37 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990667#M37586 Andre Neethling 2016-11-16T05:41:37Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990668#M37587 <P>Hello,</P> <P></P> <P>I get your mean,but it is not acceptable in our environment .</P> <P>I will double check that what cert is shown when connect to the wifi.</P> <P>If you said is ture,I think I need open a support case for this issue.</P> <P>As mobile device didnt expect recevie a cert when the device just connect the wifi.</P> <P>Anyway,thank you for your idea.</P> <P></P> <P>Duncan</P> Wed, 16 Nov 2016 05:46:03 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990668#M37587 cheungchunyu 2016-11-16T05:46:03Z https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990669#M37588 <P>hello,</P> <P></P> <P>I double checked ,the showing cert is EAP cert.</P> <P>We only find the apple devices will showing this untrust cert.</P> <P>It is a apple device issue.</P> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3">This is an <SPAN class="highlight" id="0.7993383817073134" name="searchHitInReadingPane">Apple</SPAN> (iOS) issue. I have raised question in the discussion forum (along with many other users having the same issue)</FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3"><SPAN>&nbsp;</SPAN></FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><A href="https://discussions.apple.com/message/23391267#23391267" target="_blank"><FONT face="Calibri,sans-serif" size="3"><SPAN>https://discussions.<SPAN class="highlight" id="0.21437562563206725" name="searchHitInReadingPane">apple</SPAN>.com/message/23391267#23391267</SPAN></FONT></A></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3"><SPAN>&nbsp;</SPAN></FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3"><SPAN>Other discussions regarding the same issue:</SPAN></FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3"><SPAN>&nbsp;</SPAN></FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><A href="https://discussions.apple.com/message/21869722#21869722" target="_blank"><FONT face="Calibri,sans-serif" size="3"><SPAN>https://discussions.<SPAN class="highlight" id="0.7313402689449446" name="searchHitInReadingPane">apple</SPAN>.com/message/21869722#21869722</SPAN></FONT></A></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3"><SPAN>&nbsp;</SPAN></FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><A href="https://discussions.apple.com/message/20237323#20237323" target="_blank"><FONT face="Calibri,sans-serif" size="3"><SPAN>https://discussions.<SPAN class="highlight" id="0.6529469685957723" name="searchHitInReadingPane">apple</SPAN>.com/message/20237323#20237323</SPAN></FONT></A></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><FONT face="Calibri,sans-serif" size="3"><SPAN>&nbsp;</SPAN></FONT></SPAN></FONT></PRE> <PRE class="prettyprint"><FONT face="Courier New" size="2"><SPAN><A href="https://discussions.apple.com/message/20338508#20338508" target="_blank"><FONT face="Calibri,sans-serif" size="3"><SPAN>https://discussions.<SPAN class="highlight" id="0.1965198248356239" name="searchHitInReadingPane">apple</SPAN>.com/message/20338508#20338508</SPAN></FONT></A></SPAN></FONT></PRE> <P>Duncan</P> Thu, 01 Dec 2016 05:51:43 GMT https://community.cisco.com/t5/network-access-control/non-trust-cert-is-shown-when-connect-wfi-byod-solution/m-p/2990669#M37588 cheungchunyu 2016-12-01T05:51:43Z