02-19-2015 03:36 AM - edited 03-10-2019 10:28 PM
hi,
I have configured cisco ise for Web_Auth_Redirection, Everything is working perfectly but I am having a lot of complains from users due to the certificate not been trusted. I understand that redirection by default is through https how can i solve this so that users are not prompted for certificate.
02-19-2015 05:06 PM
My answers below:
can I change redirection portal to be http instead of https
NS: No, this cannot be changed and you would not want to change it as username/passwords would be transmitted in plain-text
can I install a certificate in the ise server that will be trusted by the clients
NS: Yes, you can get a certificate from a well known CA like VeriSign or GoDaddy and that way you would avoid the certificate errors.
Thank you for rating helpful posts!
02-19-2015 08:08 PM
Gert, it may not help even if you get proper cert for all NADs. Whether switch certificate is valid or not is another matter, the fact that the CN of the switch certificate does not match the original host name of the requested URL will force the browser to prompt the user every time.
02-20-2015 08:30 AM
Hi Manjeet, this is a good point but it will only apply if using LWA (local web auth) and not CWA.
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide