topic Re: Public portal cert not trusted on iOS devices in Network Access Control

Public portal cert not trusted on iOS devices

mmcfarlin456 — Fri, 21 Feb 2020 18:39:18 GMT

On ISE 2.3 Patch 1, I'm running into an issue where only iOS devices don't trust the Digicert signed multi-domain portal certificate. Windows 10, Mac OSX 10.13, and Android don't have this issue.

Re: Public portal cert not trusted on iOS devices

jacob.fredriksson — Thu, 16 Nov 2017 16:40:20 GMT

Hi!

I've had similar problems on iOS devices but that occured only during BYOD-flows. Even trusted third-party certificates had to be manually accepted and added into the trusted store on the device on iOS versions newer than iOS 9. This was during the section in BYOD where the device installs the user certificate and the ISE's certificate etc.

But I've never had a problem with trusted certificates on a portal like you are describing it... anything odd about the certificate in question? Is it using a SHA1 hash?

Re: Public portal cert not trusted on iOS devices

mmcfarlin456 — Thu, 16 Nov 2017 16:43:16 GMT

The issued cert uses SHA2, but the root CA is using SHA1

Re: Public portal cert not trusted on iOS devices

jacob.fredriksson — Thu, 16 Nov 2017 16:50:16 GMT

Okay, that shouldn't be a problem..

Are you sure the domains in the certificate "covers" the hostname of your ISE nodes?

Re: Public portal cert not trusted on iOS devices

mmcfarlin456 — Thu, 16 Nov 2017 16:51:08 GMT

Yes. Definitely

Re: Public portal cert not trusted on iOS devices

jacob.fredriksson — Thu, 16 Nov 2017 16:53:09 GMT

Did the problem appear just now? Maybe Apple has goofed up their trusted store on up-to-date iOS devices. Do you have any older iOS devices you could try accessing the portal on?

Re: Public portal cert not trusted on iOS devices

mmcfarlin456 — Thu, 16 Nov 2017 17:05:49 GMT

This is a lab implementation. Guest portal was previously working before I switched to a public cert last night. I've got an old ipad lying around somewhere and still on 10.x code.

Re: Public portal cert not trusted on iOS devices

mmcfarlin456 — Fri, 17 Nov 2017 23:09:54 GMT

I’m just going to do a clean install. One other thing I did prior to the cert install was a domain name change. Even if I get this working now, I may have issues in the future.

Thanks for your help!