01-18-2018 01:13 PM - edited 03-20-2019 09:50 PM
I am running into an issue with ISE 2.2 patch 4 running the latest SPW for MAC OS X with the latest HighSierra update 10.13.2. BYOD flow does not work, it fails inside the Cisco Network Setup Assistant at the early step of downloading profiles. It shows 2 popups for ISE certificate to be trusted then fails to actually import them into the certificate store.
anybody experiencing the same issue?
Solved! Go to Solution.
01-19-2018 08:29 AM
Yeah I saw that bug.
I just found a workaround. Since I am using a private (internal) certificate for ISE admin and EAP, it has to be trusted in the MAC trust store manually before continuing the BYOD onboarding process, same behavior as iOS 10.3+ documented in bug CSCvd38467
Cisco recommends using public certificates for BYOD, now I know why!
Patrick
01-18-2018 05:27 PM
01-19-2018 07:23 AM
Thanks Francesco, we are looking into patching but it doesn't seem like a known issue listed on bug toolkit or in the release notes.
I am wondering if it is caused by the ISE admin and EAP certificates being generated by an internal CA instead of public. I know iOS 10.3.+ does not like that and requires an extra step to trust the certificate manually during onboarding, maybe MAC OS is even stricter now.
Patrick
01-19-2018 07:25 AM
01-19-2018 08:29 AM
Yeah I saw that bug.
I just found a workaround. Since I am using a private (internal) certificate for ISE admin and EAP, it has to be trusted in the MAC trust store manually before continuing the BYOD onboarding process, same behavior as iOS 10.3+ documented in bug CSCvd38467
Cisco recommends using public certificates for BYOD, now I know why!
Patrick
01-19-2018 08:31 AM
Yes you're right i forgot to ask about certificates and i thought it was a trusted certificate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide