cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1216
Views
4
Helpful
4
Replies
Cisco Employee

Disable HSTS on ISE?

hi all

One of my customers is facing problems on the sponsor portal when using Chrome browser.

Chrome stops and "complains" about HSTS.

Can we disable HSTS on ISE?

or - is this there another workaround?

ISE 2.3 patch 1 is used.

Br

Tue

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Disable HSTS on ISE?

No, this is not configurable in ISE.

Assuming Chrome stops due to the web portal is presenting the ISE server certificates for admin, the only workaround is to include the portal FQDNs in those certificates' SAN fields.

View solution in original post

4 REPLIES 4
Cisco Employee

Re: Disable HSTS on ISE?

No, this is not configurable in ISE.

Assuming Chrome stops due to the web portal is presenting the ISE server certificates for admin, the only workaround is to include the portal FQDNs in those certificates' SAN fields.

View solution in original post

Re: Disable HSTS on ISE?

I have deployed sponsors portal using the same certificate that we use for Admin because it has wildcard SAN entry, but we use FQDN which does not explicitly exist in certificate (so we rely on wildcard). Due to HSTS both Chrome and Firefox report there's a problem with the certificate. In fact, the page loads fine on first attempt, but all consecutive attempts fail and certificate is blamed. What is the fix for this please?

Cisco Employee

Re: Disable HSTS on ISE?

Please check out this link for an answer... Hope this helps...



https://cisco-marketing.hosted.jivesoftware.com/thread/88180


Re: Disable HSTS on ISE?

@Bryan Byers The link you provided points to this very same conversation :)