
Cisco ISE CSR generation issue with wildcard certificate.

mjrmontemayor
Level 1

We are purchasing an SSL wildcard certificate to use in Cisco ISE, but when I enter the following attributes given by the vendor, I get this error:

"*.domain.com is not a valid wildcard name". The attributes I created in the CSR are as follows:

CN=*.domain.com

SAN

DNS Name: ise.domain.com

The above parameters were given by the vendor. They said that I should use these attributes because the CA (DigiCert) only accepts this format to issue a wildcard certificate.

 

The vendor rejected my previous CSR which I successfully created with the following attributes below. This was based on Cisco's Documentation.

CN=ise.domain.com

SAN

DNS Name: ise.domain.com

DNS Name: *.domain.com

 

I just want to confirm whether the attributes given by the vendor are valid for Cisco ISE to generate a CSR. Or must I use a valid FQDN in the CN entry, not a wildcard name, and use the wildcard name only in the SAN DNS Name entry?

 

Please advise. Appreciate the prompt response from the expert.

Thank You.

 

regards,

Mike

 

3 Replies

Charlie Moreton
Cisco Employee

Mike,

Take a look at the attached files.  (Still having issues showing pictures here since they updated the forum).

Long story short, the wildcard goes in the SAN field.  I have shown this in the second picture.

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

Thanks, Charles, for the response. Do I need to purchase a wildcard SSL certificate to use in distributed Cisco ISE deployments? It seems that when purchasing a wildcard certificate, they need the CN field filled in with the wildcard name.

Mike,

 

A wildcard cert is definitely the way to go in a distributed environment.  Use the hostname for your Admin node in the CN field:

 

CN=ise, OU=domain, OU=com

and enter the SAN field as shown above for the CSR.

 

Charles Moreton
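
As an added example (not part of the thread and not Cisco's tooling): a CSR can be inspected with openssl before it goes to the CA, to see whether the wildcard sits in the CN or in the SAN. The script builds two throwaway CSRs with the two layouts discussed above and classifies them; the function names, file names and labels are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
# Added example, not from the thread. domain.com / ise.domain.com are the
# placeholder names used in the posts; keys and CSRs are throwaway samples.

# make_csr DIR NAME CN SAN-LIST: generate a sample key and CSR with openssl.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" \
    -subj "/CN=$3" -addext "subjectAltName=$4" 2>/dev/null
}

# csr_cn FILE: print the subject CN.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# csr_sans FILE: print one SAN DNS name per line.
csr_sans() {
  openssl req -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr -d ' ' | tr ',' '\n' | sed -n 's/^DNS://p'
}

# csr_layout FILE: classify where the wildcard sits.
#   san-wildcard  FQDN in CN, CN repeated in SAN, wildcard in SAN
#   cn-wildcard   wildcard in CN (the layout ISE refused in the thread)
#   other         anything else
csr_layout() (
  cn=$(csr_cn "$1")
  sans=$(csr_sans "$1")
  case "$cn" in
    \**) echo "cn-wildcard" ;;
    *) if printf '%s\n' "$sans" | grep -qxF "$cn" &&
          printf '%s\n' "$sans" | grep -q '^\*\.'; then
         echo "san-wildcard"
       else
         echo "other"
       fi ;;
  esac
)

# Demo: the layout from Cisco's documentation vs. the one the vendor asked for.
tmp=$(mktemp -d)
make_csr "$tmp" cisco  "ise.domain.com" "DNS:ise.domain.com,DNS:*.domain.com"
make_csr "$tmp" vendor "*.domain.com"   "DNS:ise.domain.com"
for f in cisco vendor; do
  echo "$f: CN=$(csr_cn "$tmp/$f.csr") -> $(csr_layout "$tmp/$f.csr")"
done
```

To check a CSR exported from ISE, call `csr_layout` on the exported PEM file instead of the generated samples.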