topic CISCO ISE DEPLOYMENT in Network Access Control

CISCO ISE DEPLOYMENT

kennedymacharia — Mon, 11 Mar 2019 05:28:03 GMT

hi,

I have configured cisco ise for Web_Auth_Redirection, Everything is working perfectly but I am having a lot of complains from users due to the certificate not been trusted. I understand that redirection by default is through https how can i solve this so that users are not prompted for certificate.

can I change redirection portal to be http instead of https
can I install a certificate in the ise server that will be trusted by the clients

My answers below:

nspasov — Fri, 20 Feb 2015 01:06:07 GMT

My answers below:

can I change redirection portal to be http instead of https

NS: No, this cannot be changed and you would not want to change it as username/passwords would be transmitted in plain-text

can I install a certificate in the ise server that will be trusted by the clients

NS: Yes, you can get a certificate from a well known CA like VeriSign or GoDaddy and that way you would avoid the certificate errors.

Thank you for rating helpful posts!

Gert, it may not help even if

manjeets — Fri, 20 Feb 2015 04:08:59 GMT

Gert, it may not help even if you get proper cert for all NADs. Whether switch certificate is valid or not is another matter, the fact that the CN of the switch certificate does not match the original host name of the requested URL will force the browser to prompt the user every time.

Hi Manjeet, this is a good

nspasov — Fri, 20 Feb 2015 16:30:11 GMT

Hi Manjeet, this is a good point but it will only apply if using LWA (local web auth) and not CWA.

Thank you for rating helpful posts!