Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
554
Views
2
Helpful
9
Replies

Error SSL Mobile Wildcard ISE

athan1234
Level 3
Level 3

‎11-29-2023 11:51 PM

Hello
My Wildcard certificate was renewed. After of this PC, the connections are fine; the mobile device is the issue

 

athan1234_0-1701330580275.png

 

 

 

Labels:
0 Helpful
9 Replies 9

ahollifield
VIP
VIP

‎11-30-2023 05:29 AM

Renewed with the proper SAN fields?  Wildcard present in the SAN also?

0 Helpful

athan1234
Level 3
Level 3
In response to ahollifield

‎12-01-2023 03:13 AM - edited ‎12-01-2023 03:15 AM

Hello, @ahollifield  I appreciate your response.

I generated the certificate via ISE and entered the same data as the previous certificate. I presume that if you have a wildcard certificate, do you also need to enter SAN fields?  Nevertheless has SAN this wildcard

I don't get why a wildcar, like *.midominio.com, needs a SAN. If you follow mydomin.com, all entries should be validated.

athan1234_1-1701429164285.png

 

This is the certificate

 

 

 

ISE SIDE for portal

 

athan1234_0-1701429104794.png

Mobile this ssl no trust only in mobile

 

athan1234_2-1701429303494.png

 

 

0 Helpful

ahollifield
VIP
VIP
In response to athan1234

‎12-01-2023 04:48 AM

Yes this all seems correct.  The wildcard must also have the wildcard in the SAN field.  Are you sure the spelling of the domain is the same?  Is the mobile device time/date correct? What version of Android?   All other devices trust this certificate?

athan1234
Level 3
Level 3
In response to ahollifield

‎12-12-2023 12:52 AM

Hi there @ahollifield
I apologize for the delay just to reply me today response.
iPhone It's ok no problem ; the mistake is in the Android mobiles; he attempts to use Android 12 as an example.
I am watching the firs words is bienvenido.xxxxxx.
May be in this case i woukd have to put a SAM bienvenido.xxxxx .
For solve this problem?

0 Helpful

MHM Cisco World
VIP
VIP

‎11-30-2023 06:16 AM

The mobile device which os it run?

MHM

0 Helpful

athan1234
Level 3
Level 3
In response to MHM Cisco World

‎12-12-2023 12:52 AM

Hhey
iPhone It's ok no problem ; the mistake is in the Android mobiles; he attempts to use Android 12 as an example.

0 Helpful

athan1234
Level 3
Level 3

‎12-13-2023 03:16 AM

Hey any idea ?

0 Helpful

ahollifield
VIP
VIP
In response to athan1234

‎12-13-2023 05:12 AM

My guess is the Digicert/Thawte root/intermediate CAs are not trusted on that model/version of Android.  Try a different Android client.

hslai
Cisco Employee
Cisco Employee

‎12-22-2023 03:48 PM

@athan1234 : Adding to @ahollifield , please check the complete certificate chain and, if needed, take packet capture and use WireShark or the like to verify. And check the root CA against the list of trusted certificates on the Android OS.

0 Helpful
Customers Also Viewed These Support Documents