06-18-2020 09:25 PM
Hi Experts,
We're planning to renew the Guest certificate in Cisco ISE (2.6). Please note, this is Multi-domain SSL.
I've some queries:-
1.While raising CSR, have selected 'Multi-use' with PSN's. So, later on when binding the certificate, I can select the portal option.. Is it correct method or should i select only the 'portal' option when raising CSR..?
2. Since this is Multi-domain SSL, have placed CN=ise.domain.com and placed this domain in addition to the PSN domains in the SAN.. Is this correct procedure ..?
3. When viewing the existing certificate in system certificates, it shows no value in the CN. Any idea why is it so..?
Also, Can someone please give me the overview or the best pratice to get this through...?
Cheers,
06-18-2020 11:25 PM
06-19-2020 04:28 AM
Hi- Thanks for the reply.
#2, Yeah, we're tying it to the multiple PSN's (01/02) in addition to the sub-domain mentioned in the CN
#3, Certificate issued to is showing as 'Multi-domain SSL'..
why is it so..? Does this imply Wildcard certificate option was checked..?
And, what if I import only the private key (from the existing working certificate) and the new server/identity certificate for the Guest portal. Will it work..?
06-21-2020 05:54 PM
Without selecting wildcard option, ISE will not allow to leave the CN field as blank. If the existing certificate CN name is blank then it must be having Subject Alternative Name field with wildcard.
Check the below document to have detailed explanation:
Hope it will help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide