topic Re: ISE Guest portal Redirection issue <> [ 404 ] Resource Not F in Network Access Control

ISE Guest portal Redirection issue <> [ 404 ] Resource Not Found

Ryan2K — Thu, 16 Apr 2026 12:17:37 GMT

Hi everyone,

Recently, I have made couple of changes to the customer's system certificates, Now

I’m starting to face an issue with the Sponsor/Guest portal redirection in Cisco ISE and would appreciate your input.

Observed Behavior:

When accessing the portal directly (redirection is not working as expected):

https://guest.domain.com:8443

No certificate warning is shown (the certificate appears valid)
However, the page returns: 404 – Resource Not Found

Current Setup:

No wildcard certificates are being used
The Admin certificate is signed by a private CA (not publicly trusted)
The Admin certificate does not include the Guest portal FQDN in its SAN
The Guest portal certificate is signed by a public CA (DigiCert) and includes:
- guest.domain.com

Issue:

When accessing:

https://guest.domain.com

The browser initially connects to the Admin interface (port 443)
The Admin certificate is presented
Since this certificate is not publicly trusted and does not include the Guest FQDN in the SAN, the browser displays a certificate warning
This occurs before the redirect to the Guest portal

Question:

Based on Cisco ISE design and best practices, is it required to:

Install a publicly trusted certificate on the Admin interface, and
Include the Guest portal FQDN (e.g., guest.domain.com) in the Admin certificate SAN

even though a valid public certificate is already installed for the Guest portal?

Or is there an alternative design to avoid this initial certificate mismatch during redirection?

Additionally, I came across references to HSTS behaviour in this context but would appreciate clarification on how it impacts this scenario.

Thanks in advance.

Ryan,

Re: ISE Guest portal Redirection issue <> [ 404 ] Resource Not F

ahollifield — Mon, 20 Apr 2026 18:55:15 GMT

You should not attempt to manually connect to the URL. the 404 is expected as the portal redirect requires the generated URL sent in the authz.

You should troubleshoot why redirection is not working as expected.

Re: ISE Guest portal Redirection issue <> [ 404 ] Resource Not F

Stefan Mihajlov — Mon, 20 Apr 2026 19:02:35 GMT

@Ryan2K try explicitly enter guest.domain.com into portal FQDN within ur specific guest portal settings so ise know excatly which page to serve 🙂

Re: ISE Guest portal Redirection issue <> [ 404 ] Resource Not F

Ben Walters — Mon, 27 Apr 2026 15:16:44 GMT

It is best to have a separate public cert for the guest portal instead of combining multiple functions into one cert, especially when using different issuing CAs.

For the redirect ISE automatically adds in /portal/PortalSetup.action?portal=<ID string> which needs to be included for it to function. If you try to hit the URL without the portal info either using standard HTTPS or 8443 you will see what you are experiencing, this is expected.

If you want to test either try the process as a user would or from ISE go to Work Centers > Guest Access > Portals and Components and select your guest portal, from there there should be a Portal test URL link.

If you hadn't already after changing any certs on ISE nodes the ISE service should be restarted. If you redirect isn't working it might be something else in the config for the portal itself or in the guest redirect policy.