08-08-2013 02:27 PM - edited 03-10-2019 08:45 PM
Hello guys,
My customer doesn't have a CA, but instead has wildcard certificates.
I will implement ISE in 3 different locations (each location independent and with all ISE services). I haven't looked in depth at wildcard certs, but does ISE support this type of certificate? The certs I need are only so that corporate users are not shown the SSL cert error when accessing ISE portals.
If wildcard certificates are supported, then will every independent site need to create a separate CSR for each one of them?
Thanks!
Emilio
08-08-2013 03:36 PM
Version 1.2 which just came out appears to, but the older version did not.
08-08-2013 03:51 PM
It seems to be added in ISE 1.2
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_cert.html#wp1053232
~BR
Jatin Katyal
**Do rate helpful posts**
08-08-2013 09:07 PM
Thanks guys, so I'm assuming the following (please correct me if I'm wrong).
I have 2 different locations, each one of them with their own ISE in standalone mode, but they depend on the same wildcard certificates entity and share DNS, NTP, etc.
They will each have their own URLs for sponsor, guest and device portal, so I am assuming that I will have to send a CSR with all needed FQDNs for each site, right? That makes a total of 2 wildcard certs, one for each ISE deployment?
Thanks!
Emilio
08-09-2013 12:09 PM
Support for Universal Certificates:
Cisco ISE, Release 1.2 supports the use of wildcard server certificates for HTTPS (web-based services)
and EAP protocols that use SSL/TLS tunneling. With the use of universal certificates, you no longer have
to generate a unique certificate for each Cisco ISE node. Also, you no longer have to populate the SAN
field with multiple FQDN values to prevent certificate warnings. Using an asterisk (*) in the SAN field
allows you to share a single certificate across multiple nodes in a deployment and helps prevent
certificate-name mismatch warnings.
For more information, refer to the Cisco Identity Services Engine User Guide, Release 1.2. Kindly find the attached PDF for your clarification: ISE 1.2 supports wildcard certificates. I have even highlighted the same on page 14.
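
The passage quoted above says an asterisk in the SAN field lets one certificate serve several nodes; the following added example (not part of the thread and not Cisco's code) checks which portal FQDNs a wildcard SAN would cover. It assumes generic RFC 6125-style matching as a client browser applies it, not ISE's own logic, and every hostname in it is constructed.

```python
# Added example: generic wildcard SAN matching (RFC 6125 style), not ISE code.
# Every hostname here is constructed for illustration.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one DNS SAN entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # '*' stands for exactly one label, so label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    # Everything right of the first label must match literally, and a '*'
    # anywhere but the left-most label is never honoured.
    if any("*" in label for label in p[1:]) or p[1:] != h[1:]:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) >= 3
    # Partial wildcards ("s*.example.com") are treated as non-matching here,
    # a conservative choice for this example.
    return "*" not in p[0] and p[0] == h[0]


def uncovered(san_entries, hostnames):
    """List the hostnames that no SAN entry covers."""
    return [n for n in hostnames
            if not any(san_matches(s, n) for s in san_entries)]


# Constructed inputs: one wildcard SAN and the portal names of two sites.
SAN_ENTRIES = ["*.corp.example.com"]
PORTAL_FQDNS = [
    "sponsor.corp.example.com",
    "guest.corp.example.com",
    "mydevices.site2.corp.example.com",  # two labels below the wildcard base
    "corp.example.com",                  # the bare domain itself
]

if __name__ == "__main__":
    for name in uncovered(SAN_ENTRIES, PORTAL_FQDNS):
        print("certificate-name mismatch expected for", name)
```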