Cisco Employee

CPP and Admin certificate different but on same interface

Hi,


Configured the following on ISE 2.3:

1 ISE interface for CPP and Admin

CPP portal runs on TCP port 8443 with its own certificate signed by CA1

Admin portal runs on port 443 with its own certificate signed by CA2

When a CPP redirection occurs, the client first gets redirected on port 443 (with the wrong certificate) and to port 8443 with the right certificate.

I would have expected that the client would directly go to the 8443 port.

Anybody seen this?

Thanks

Accepted Solution

Cisco Employee

Re: CPP and Admin certificate different but on same interface

Yes, I've been seeing it during beta. This appears related to CSCve85686.

VIP Advocate

Re: CPP and Admin certificate different but on same interface

I have the same in ISE 2.2 - I raised a TAC case for it. They told me it was due to CSCut16630 (ancient bug).

Luckily I have an F5 load balancer that is masking this issue.

Cisco Employee

Re: CPP and Admin certificate different but on same interface

We have an enhancement bug -- CSCva84197, but we have not scheduled to address it yet.

Cisco Employee

Re: CPP and Admin certificate different but on same interface

Thanks all!

Enthusiast

Re: CPP and Admin certificate different but on same interface

The ISE installation guide 2.3 states that ISE presents Admin cert for Posture and CPP, then Portal cert for 8443. So I doubt if it’s really a bug. All the installation guides from 1.2 to 2.3 state this.