cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
454
Views
0
Helpful
2
Replies

Not only portal cert but also admin cert are used during native supplicant provisioning process

masyamad
Cisco Employee
Cisco Employee

Hi Team,

I tested simple windows NSP process, and found the portal uses admin cert first then use portal cert like that. 

 

1) The portal page shows admin cert first. (self-signed admin cert "admin.cert-test.com" is provided)

1st_cert.png

 

2) Then the portal page shows portal cert. (self-signed portal cert "portal.cert-test.com" is provided.)

1nd_cert.png

 

However, now the customer doesn't want to expose the content of admin cert to employees.

Is it expected behavior? And Is there a way to configure ISE certificates so that only portal certificate is used during NSP process?

 

 

2 Replies 2

hslai
Cisco Employee
Cisco Employee

What you described is the same issue as your other post -- Group tag doesn't work for portal FQDN.

 

Sorry for the delayed response, but please let me confiirm it's really same as Group tag doesn't work for portal FQDN.
The issue of Group tag doesn't work for portal FQDN is triggered by accessing FQDN shortcut like https://mydevices01.cert-test.com from web browsers. Now I understand it's expected behavior.

But for the BYOD provisioning, similar shortcut FQDN cannot be definied because the URL is dynamically generated for each client session. And the admin certificate access is not from web browsers but from network setup application.

Now you say it's same issue as mydevices portal. But why does the application requires "<ise_fqdn>:443"? I guess It can simply access "<ise_fqdn>:8443" directly...
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: