on 09-30-2023 01:32 PM
Hi Community:
I have an SSID "SURA-PERU" configured on a WLC C9800-CL integrated with ISE. When users connect with their Windows devices, there is no certificate problem.
But when a user connects with a Mac device, a certificate warning appears, and it appears on behalf of the ISE server; I show the image.
How can I stop the WLC C9800-CL from showing that message? It shows the name of the ISE server, and for security reasons it should not be shown.
Your kind support
on 09-30-2023 03:28 PM
Is this cert signed by a valid CA or an internal CA? (If this is an internal CA you get this warning; since it is not in English, I don't know the message in that warning.)
on 10-01-2023 09:55 AM
What is needed is simply that the message not be shown on Mac equipment. Would there be a configuration option on the C9800-CL WLC so that this message is not displayed?
on 10-01-2023 10:05 AM
The root cert needs to be trusted by the end device.
on 10-01-2023 04:00 AM
This message is displayed if the ISE certificate is not trusted by the client device. In this case the user has to make a decision if it is right to trust it. For this decision the user has to see which certificate is presented. So it is important to show this information.
And because a user typically can't judge whether it is OK or not to accept a certificate warning, the better way would be to make sure that the user never sees a warning like this, for example by pushing a supplicant config by MDM, similar to what you do for your Windows PCs with a GPO.
on 10-01-2023 09:57 AM
Thanks for the alternative solution.
But will there be an option in the configuration of the WLC C9800-CL so that it does not show that message on MAC devices?
on 10-01-2023 01:05 PM
The WLC has nothing to do with this. What you are basically asking for is that an attacker should have the possibility to tell the browser not to show a certificate warning when he spoofs the banking website that you are accessing. Make sure that the ISE’s certificate is trusted for .1X and you are good.
on 10-01-2023 01:56 PM
Dot1xProfile from ermitacode can help you build supplicant profiles for Mac Users if there is no MDM:
https://www.ermitacode.com/dot1xprofile/
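As an added example (not part of the thread, and not output of the Dot1xProfile tool): a Python script that builds a macOS configuration profile of the kind the replies describe, embedding the root CA and anchoring the SSID's 802.1X trust to it so the Mac validates the ISE certificate instead of prompting the user. The server name, CA bytes, profile identifiers and the choice of PEAP are constructed assumptions.

```python
import plistlib
import uuid


def _payload(ptype, ident, name, **extra):
    """Common keys every configuration-profile payload carries."""
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name, **extra}


def build_wifi_profile(ssid, ca_der, server_names, org_id="com.example.wifi"):
    """Return .mobileconfig bytes: root CA payload plus a Wi-Fi payload anchored to it."""
    if not ca_der or not server_names:
        raise ValueError("a root CA and at least one RADIUS server name are required")
    ca = _payload("com.apple.security.root", f"{org_id}.rootca", "RADIUS root CA",
                  PayloadContent=ca_der)  # bytes are serialized as <data>
    wifi = _payload(
        "com.apple.wifi.managed", f"{org_id}.ssid", f"Wi-Fi {ssid}",
        SSID_STR=ssid, AutoJoin=True, EncryptionType="WPA2",
        EAPClientConfiguration={
            "AcceptEAPTypes": [25],                       # 25 = PEAP (assumed method)
            "PayloadCertificateAnchorUUID": [ca["PayloadUUID"]],  # CA trusted for this SSID
            "TLSTrustedServerNames": list(server_names),  # names the server cert must match
            "TLSAllowTrustExceptions": False,             # user cannot accept an unknown cert
        })
    profile = _payload("Configuration", org_id, f"802.1X for {ssid}",
                       PayloadContent=[ca, wifi])
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed inputs: placeholder bytes stand in for the DER-encoded root CA,
    # and the server name is hypothetical.
    data = build_wifi_profile("SURA-PERU", b"PLACEHOLDER-DER-ROOT-CA",
                              ["ise.example.internal"])
    print(data.decode())
```

The placeholder bytes are replaced with the DER-encoded root CA that signed the ISE EAP certificate before the profile is installed or pushed.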