https://community.cisco.com/t5/network-access-control/can-i-used-a-wild-card-certificate-for-ise-2-2/m-p/3433205#M536083 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">If not already done, take a look at&nbsp; </SPAN><A _jive_internal="true" data-containerid="5301" data-containertype="14" data-objectid="68164" data-objecttype="102" href="https://community.cisco.com/docs/DOC-68164" style="font-size: 12px; font-family: arial; color: #0a63a7;">How To: Implement ISE Server-Side Certificates</A><SPAN style="font-size: 10pt;"> and other articles on </SPAN><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-64012#jive_content_id_Certificates__Private_Key_Infrastructure_PKI" style="font-size: 10pt;">Certificates / Private Key Infrastructure (PKI)</A></P><P></P><P>You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your use base like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they unlikely already trust your enterprise CA.</P></BODY></HTML> Sun, 19 Feb 2017 20:37:05 GMT hslai 2017-02-19T20:37:05Z https://community.cisco.com/t5/network-access-control/can-i-used-a-wild-card-certificate-for-ise-2-2/m-p/3433204#M536081 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>I am in the process of deploying ISE 2.2 waiting for the hardware delivery. I am thinking of using the Wild Card certificate from Digicert issues to my organisation. Can I use the same certificates or do I need to ask my System team to build an internal CA server? </P><P></P><P>One advantage I could see to use internal CA servers is the validity of the certificate can be for 10 years where as if I go with a wild card certificate I will be restricted to the validity of the certificate.</P><P></P><P>I just want to know what would be the best approach when it come certificates for ISE.</P><P></P><P>Cheers</P><P></P><P>Yasir</P></BODY></HTML> Sun, 19 Feb 2017 07:31:00 GMT https://community.cisco.com/t5/network-access-control/can-i-used-a-wild-card-certificate-for-ise-2-2/m-p/3433204#M536081 yasirirfan 2017-02-19T07:31:00Z https://community.cisco.com/t5/network-access-control/can-i-used-a-wild-card-certificate-for-ise-2-2/m-p/3433205#M536083 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">If not already done, take a look at&nbsp; </SPAN><A _jive_internal="true" data-containerid="5301" data-containertype="14" data-objectid="68164" data-objecttype="102" href="https://community.cisco.com/docs/DOC-68164" style="font-size: 12px; font-family: arial; color: #0a63a7;">How To: Implement ISE Server-Side Certificates</A><SPAN style="font-size: 10pt;"> and other articles on </SPAN><A _jive_internal="true" href="https://community.cisco.com/docs/DOC-64012#jive_content_id_Certificates__Private_Key_Infrastructure_PKI" style="font-size: 10pt;">Certificates / Private Key Infrastructure (PKI)</A></P><P></P><P>You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your use base like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they unlikely already trust your enterprise CA.</P></BODY></HTML> Sun, 19 Feb 2017 20:37:05 GMT https://community.cisco.com/t5/network-access-control/can-i-used-a-wild-card-certificate-for-ise-2-2/m-p/3433205#M536083 hslai 2017-02-19T20:37:05Z