Gert, it may not help even if

kennedymacharia · ‎02-19-2015

hi,

I have configured cisco ise for Web_Auth_Redirection, Everything is working perfectly but I am having a lot of complains from users due to the certificate not been trusted. I understand that redirection by default is through https how can i solve this so that users are not prompted for certificate.

can I change redirection portal to be http instead of https
can I install a certificate in the ise server that will be trusted by the clients

nspasov · ‎02-19-2015

My answers below:

can I change redirection portal to be http instead of https

NS: No, this cannot be changed and you would not want to change it as username/passwords would be transmitted in plain-text

can I install a certificate in the ise server that will be trusted by the clients

NS: Yes, you can get a certificate from a well known CA like VeriSign or GoDaddy and that way you would avoid the certificate errors.

Thank you for rating helpful posts!

manjeets · ‎02-19-2015

Gert, it may not help even if you get proper cert for all NADs. Whether switch certificate is valid or not is another matter, the fact that the CN of the switch certificate does not match the original host name of the requested URL will force the browser to prompt the user every time.

nspasov · ‎02-20-2015

Hi Manjeet, this is a good point but it will only apply if using LWA (local web auth) and not CWA.

Thank you for rating helpful posts!

CISCO ISE DEPLOYMENT