
How do I install a wildcard certificate in ISE?

I want to install a wildcard certificate.
I've been handed a wildcard certificate by an end user.
I want to know how to install the certificate.
The guide provided by Cisco says to use a CSR to generate the certificate and then bind the .pem file.
But what if I already have a wildcard certificate in use, how do I install it?


8 Replies

@JustTakeTheFirstStep you don't need to create a CSR from ISE. If you have the certificate generated elsewhere you can import the certificate as per your first screenshot. Just select the certificate file, key file, define the password and check "Allow Wildcard Certificates".

@MHM Cisco World @Rob Ingram 

https://community.cisco.com/t5/security-knowledge-base/how-to-implement-digital-certificates-in-ise/ta-p/3630897

According to the guide, use the pem, pvk extension.
However, the certificate file I have does not have the pem, pvk extension.
Which file do I need to import?

@MHM Cisco World 

According to the guide, I should do a CSR.
As I said, I have a certificate issued by a CA.
So I don't need to do a certificate request (CSR).
I am looking for a way to install the certificate without doing a CSR.

What do you think?

You have to have a copy of the private key file. That would be available from the system that was used to generate the CSR initially. Without the private key, it is not possible to install the wildcard certificate as a system certificate in ISE. That's fundamental to the nature of how Public Key Infrastructure (PKI) works.

I have a .key extension file.
Do I need the .pvk extension?

@JustTakeTheFirstStep the key file extension is not important or mandatory. It appears from your screenshot that your .key file is most likely an Encrypted Private Key - you can verify by opening it in a text editor: the plain text will confirm it. In that case, you simply provide the password (most likely from the password.txt file you showed) in the Import Server Certificate dialog box.

@JustTakeTheFirstStep as already stated in the first reply, you do not need to create a CSR on ISE. To import, you will need the certificate, private key, and encryption password, which you seem to have from your screenshot. Certificates that are imported into Cisco ISE must be in privacy-enhanced mail (PEM) or distinguished encoding rule format. You may need to convert the file using openssl or another method.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_basic_setup.html?bookSearch=true#concept_8ECCCAF1252E40DDB9A786C0AC7BC3B2
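The checks discussed in this thread, collected as an added example that is not part of the original posts or of Cisco's documentation: identify whether the key file is encrypted from its PEM header, convert a DER certificate to PEM with openssl, and confirm the key actually belongs to the certificate before importing. The function names and file arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-import checks for a certificate and key issued elsewhere.
# All file names passed to these functions are placeholders.

# Classify a private-key file by its PEM header, which is what you would
# see when opening the file in a text editor. The extension is irrelevant.
key_kind() {  # key_kind KEYFILE
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        # Traditional PEM keys mark encryption with a Proc-Type header line.
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted-traditional
        else
            echo unencrypted
        fi
    else
        echo not-pem   # binary DER, or not a private key at all
    fi
}

# Write a PEM copy of a certificate that may be PEM or DER encoded.
cert_to_pem() {  # cert_to_pem IN OUT
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        cp "$1" "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"
    fi
}

# Succeed only if the private key matches the certificate, by comparing the
# public key extracted from each. PASSFILE holds the key password on one
# line; it is ignored when the key is not encrypted.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be read.
pair_matches() {  # pair_matches CERT_PEM KEYFILE PASSFILE
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -passin "file:$3" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

A return of 2 from `pair_matches` on an encrypted key usually means the password in PASSFILE is wrong, which is worth ruling out before attempting the import.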