Can I use a Wild Card Certificate for ISE 2.2

yasirirfan
Level 4

Hi

I am in the process of deploying ISE 2.2 and am waiting for the hardware delivery. I am thinking of using the Wild Card certificate from Digicert issued to my organisation. Can I use the same certificates or do I need to ask my System team to build an internal CA server?

One advantage I could see in using internal CA servers is that the validity of the certificate can be 10 years, whereas if I go with a wild card certificate I will be restricted to the validity of the certificate.

I just want to know what would be the best approach when it comes to certificates for ISE.

Cheers

Yasir

Accepted Solutions

hslai
Cisco Employee

If not already done, take a look at How To: Implement ISE Server-Side Certificates and other articles on Certificates / Private Key Infrastructure (PKI).

You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your user base is like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they are unlikely to already trust your enterprise CA.
