cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1482
Views
4
Helpful
1
Replies
Highlighted
Enthusiast

Can I used a Wild Card Certificate for ISE 2.2

Hi

I am in the process of deploying ISE 2.2 waiting for the hardware delivery. I am thinking of using the Wild Card certificate from Digicert issues to my organisation. Can I use the same certificates or do I need to ask my System team to build an internal CA server?

One advantage I could see to use internal CA servers is the validity of the certificate can be for 10 years where as if I go with a wild card certificate I will be restricted to the validity of the certificate.

I just want to know what would be the best approach when it come certificates for ISE.

Cheers

Yasir

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Can I used a Wild Card Certificate for ISE 2.2

If not already done, take a look at  How To: Implement ISE Server-Side Certificates and other articles on Certificates / Private Key Infrastructure (PKI)

You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your use base like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they unlikely already trust your enterprise CA.

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

Re: Can I used a Wild Card Certificate for ISE 2.2

If not already done, take a look at  How To: Implement ISE Server-Side Certificates and other articles on Certificates / Private Key Infrastructure (PKI)

You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your use base like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they unlikely already trust your enterprise CA.

View solution in original post