Cisco ISE 1.3 subject alternative name SAN

Augustgood
Level 1

Hi, who can help me to understand SAN on ISE 1.3?

2 Accepted Solutions


You want to access the webpages of the ISE by different names. A good example for that is the my-devices or the sponsor-portal. To access it by the native name of one of your ISEs would be quite unfriendly to your users. If they can access that as mydevices.example.net and sponsorportal.example.net, it's much easier for the users. But for not getting a cert-warning, you need to have all additional names added to the certificate. These are the "Subject Alternate Names" or SANs. Another method to achieve the same is to use a wildcard-certificate.

Adding to Karsten's correct answer - make sure you have SANs even when using a wildcard certificate. That's because native Windows 802.1x supplicants will not properly trust a wildcard certificate.

If you're only doing Central Web Authentication (CWA) or exclusively deploying the AnyConnect Secure Mobility Client Network Access Module (NAM) as your supplicant it's not a problem.
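
A pre-deployment check for the point made in both replies, as an added example that is not part of the original thread: given the DNS names in a certificate's SAN list, it reports which required portal and node names are covered by an explicit entry, which are covered only by a wildcard (the case the second reply says native Windows 802.1x supplicants will not properly trust), and which are missing. The names `ise01.example.net` and `guest.portal.example.net` and the SAN list itself are constructed sample values, typed in rather than read from a real certificate.

```python
# Added example: name-coverage check for an ISE certificate's SAN list.
# The SAN list and host names are constructed sample values.

def dns_name_matches(pattern: str, host: str) -> bool:
    """dNSName match in the style of RFC 6125: '*' is accepted only as the
    whole leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        # Conservative choice made here: refuse '*.tld' style patterns.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_coverage(san_dns, required):
    """Return {host: 'exact' | 'wildcard-only' | 'missing'}."""
    report = {}
    for host in required:
        hits = [s for s in san_dns if dns_name_matches(s, host)]
        if not hits:
            report[host] = "missing"
        elif any("*" not in s for s in hits):
            report[host] = "exact"
        else:
            report[host] = "wildcard-only"
    return report


def names_to_add(san_dns, required):
    """Names that should get their own SAN entry before the CSR is signed."""
    report = check_coverage(san_dns, required)
    return sorted(h for h, status in report.items() if status != "exact")


if __name__ == "__main__":
    san = ["ise01.example.net", "mydevices.example.net", "*.example.net"]
    need = ["ise01.example.net", "mydevices.example.net",
            "sponsorportal.example.net", "guest.portal.example.net"]
    for host, status in check_coverage(san, need).items():
        print(f"{host:28} {status}")
    print("add as explicit SANs:", names_to_add(san, need))
```
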