Showing results for 
Search instead for 
Did you mean: 
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


BYOD Certificate Issue

Hi guys,


I've got a problem with my BYOD deployment (dual SSID) on MacOS Catalina.

Everything works fine until the Network Setup Assistant tries to download a profile.
Even though both of the portals ISE uses in BYOD flow (admin & client provisioning) certificates are signed by a public CA - the NSA shows a warning "the certificate is not valid".
If I click "continue”, I'm able to successfully enroll certificate and join the network.

When i try to connect to both these portals via safari/chrome, the certificate is validated as expected.

It seems to me like the NSA doesn’t have rights to use the Mac’s certificate store.
I know there are some changes for certificates in Catalina (sha1 no longer supported etc..), but our certificates seem to match these new policies.


Using SP wizard version
ISE Version 2.4 patch 9 and also tested with 2.6

Catalina 10.15.2


I can open a TAC case, but just wanted to ask here before I do so.

Appreciate every hint ;)

Thank You.