https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3780672#M543649 <P>I recently updated a couple certs on our ISE server. I applied the same cert to the default portal policy as well as EAP Authentication. We went from an OV cert to an EV cert which required an intermediate cert to be installed to the ISE server. I am not having any problems with anything except the Guest Portal on Android.</P> <P>&nbsp;</P> <P>What is happening is the Certificate chain is not complete on the android devices. All laptops are listing it as valid cert as they are listing the root and intermediate certs. I can manually install the intermediate cert on my android&nbsp;devices and have it show as valid, however that should not be needed as it is installed on the ISE server.</P> <P>&nbsp;</P> <P>On top of that problem, we are recieving the portal redirect page (connectivitycheck.gstatic.com) and no portal. The only way I have been able to get around this is by clicking "connect as is" and open chrome; I then navigate to "connectivitycheck.gstatic.com". Then I am redirected to the correct Guest Portal.</P> <P>&nbsp;</P> <P>Any help is appreciated</P> <P>Thank you</P> Mon, 11 Mar 2019 08:53:54 GMT MattD2010 2019-03-11T08:53:54Z https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3780672#M543649 <P>I recently updated a couple certs on our ISE server. I applied the same cert to the default portal policy as well as EAP Authentication. We went from an OV cert to an EV cert which required an intermediate cert to be installed to the ISE server. I am not having any problems with anything except the Guest Portal on Android.</P> <P>&nbsp;</P> <P>What is happening is the Certificate chain is not complete on the android devices. All laptops are listing it as valid cert as they are listing the root and intermediate certs. I can manually install the intermediate cert on my android&nbsp;devices and have it show as valid, however that should not be needed as it is installed on the ISE server.</P> <P>&nbsp;</P> <P>On top of that problem, we are recieving the portal redirect page (connectivitycheck.gstatic.com) and no portal. The only way I have been able to get around this is by clicking "connect as is" and open chrome; I then navigate to "connectivitycheck.gstatic.com". Then I am redirected to the correct Guest Portal.</P> <P>&nbsp;</P> <P>Any help is appreciated</P> <P>Thank you</P> Mon, 11 Mar 2019 08:53:54 GMT https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3780672#M543649 MattD2010 2019-03-11T08:53:54Z https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3780773#M543663 I believe your issue could possibly stem from the certificate issue you are facing. Does the redirect work after you manually install the intermediate certificate on the device? If so then I will point you to this known issue. <BR /><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj04703/" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj04703/</A><BR /><BR />Now as for the certificate issue you have. You are seeing a legitimate invalid certificate warning if the intermediate certificate is missing from Android. Having the root and intermediate installed on the ISE server only allows the ISE deployment to trust that certificate. The trust store on the device, in this case Android, has to have the complete certificate chain installed to trust the issuer, both root and any intermediates doing the signing. Wed, 16 Jan 2019 05:06:57 GMT https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3780773#M543663 Damien Miller 2019-01-16T05:06:57Z https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3864284#M543674 <P>Hi Matt</P><P>&nbsp;</P><P>We're experiencing the exact same problem, though not limited to Android, but all devices that uses Google Chrome. The workaround, until we have found a prober solution, is to use other browsers than Google Chrome.</P><P>&nbsp;</P><P>Best regards</P><P>&nbsp;</P><P>Ditlev</P> Wed, 29 May 2019 07:17:49 GMT https://community.cisco.com/t5/network-access-control/ise-2-0-cert-chain-android/m-p/3864284#M543674 Ditlev Weinreich 2019-05-29T07:17:49Z