topic Re: ISE 2.7 EAP Certificate in Network Access Control

ISE 2.7 EAP Certificate

jrmildren — Thu, 10 Sep 2020 01:56:37 GMT

I am deploying ISE 2.7. For the EAP certificate is it possible to use a publicly signed certificate then import the same certificate into all of the PSNs? This would simplify things and eliminate devices that are not part of the domain from seeing an untrusted certificate warning.

Re: ISE 2.7 EAP Certificate

Colby LeMaire — Thu, 10 Sep 2020 03:16:07 GMT

That is actually the recommended approach but the certificate has to be a wildcard certificate. Ensure the Subject/Common Name (CN) is set to one of the ISE nodes' FQDN and then use the wildcard as a SAN DNS Name such as *.mycompany.com. The Subject/CN cannot be a wildcard or Windows clients will complain.

Re: ISE 2.7 EAP Certificate

jrmildren — Thu, 10 Sep 2020 11:34:56 GMT

Thank you for the reply. The CN would be ise.xyz.local and the wildcard in the SAN would be *.xyz.com. Will this work?

Re: ISE 2.7 EAP Certificate

Colby LeMaire — Thu, 10 Sep 2020 13:55:53 GMT

That is correct!