09-03-2024 05:40 AM
I want to install a wildcard certificate.
I've been handed a wildcard certificate by an end user.
I want to know how to install the certificate.
The guide provided by Cisco says to use a CSR to generate the certificate and then bind the .pem file.
But what if I already have a wildcard certificate in use, how do I install it?
09-03-2024 05:47 AM
@JustTakeTheFirstStep you don't need to create a CSR from ISE. If you have the certificate generated elsewhere you can import the certificate as per your first screenshot. Just select the certificate file, key file, define the password and check "Allow Wildcard Certificates".
09-03-2024 09:06 PM - edited 09-03-2024 09:07 PM
According to the guide, use the pem, pvk extension.
However, the certificate file I have does not have the pem, pvk extension.
Which file do I need to import?
09-03-2024 06:12 AM
09-03-2024 09:09 PM - edited 09-03-2024 09:10 PM
According to the guide, I should do a CSR.
As I said, I have a certificate issued by a CA.
So I don't need to do a certificate request (CSR).
I am looking for a way to install the certificate without doing a CSR.
What do you think?
09-03-2024 09:15 PM - edited 09-03-2024 09:16 PM
You have to have a copy of the private key file. That would be available from the system that was used to generate the CSR initially. Without the private key, it is not possible to install the wildcard certificate as a system certificate in ISE. That's fundamental to the nature of how Public Key Infrastructure (PKI) works.
09-03-2024 10:07 PM
I have a .key extension file.
Do I need the .pvk extension?
09-04-2024 06:42 AM
@JustTakeTheFirstStep the key file extension is not important or mandatory. It appears from your screenshot that your .key file is most likely an Encrypted Private Key - you can verify by opening it in a text editor: the plain text will confirm it. In that case, you simply provide the password (most likely from the password.txt file you showed) in the Import Server Certificate dialog box.
09-03-2024 11:40 PM
@JustTakeTheFirstStep as already stated in the first reply, you do not need to create a CSR on ISE. To import, you will need the certificate, private key, and encryption password, which you seem to have from your screenshot. Certificates that are imported into Cisco ISE must be in privacy-enhanced mail (PEM) or distinguished encoding rule format. You may need to convert the file using openssl or another method.
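Added example, not part of any post in this thread: a shell sketch of the pre-import checks the replies describe, namely reading the PEM header to see whether a file is a certificate or an encrypted private key, converting a DER certificate to PEM with openssl, and confirming the key belongs to the certificate. The function names and the file names `wildcard.key` and `legacy.key` are hypothetical, and the sample files are constructed, header-only stand-ins rather than real keys.

```shell
#!/bin/sh
# Added example (not from the thread). File names are hypothetical placeholders.

# Report what a file is from its PEM header, the same check as opening it
# in a text editor. Prints one word.
classify_file() {
    header=$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        '-----BEGIN CERTIFICATE-----')           echo certificate ;;
        '-----BEGIN CERTIFICATE REQUEST-----')   echo csr ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted-key ;;
        '-----BEGIN PRIVATE KEY-----')           echo unencrypted-key ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            # Legacy format marks encryption in a header line, not the label.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo encrypted-key
            else
                echo unencrypted-key
            fi ;;
        '') echo not-pem ;;      # no PEM header: possibly DER (binary)
        *)  echo other-pem ;;
    esac
}

# Convert a DER-encoded certificate to PEM.
der_cert_to_pem() {   # usage: der_cert_to_pem in.der out.pem
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeed only if the private key belongs to the certificate (both PEM).
# The password is read from a file, so it is not on the command line.
cert_matches_key() {  # usage: cert_matches_key cert.pem key.key password.txt
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -passin "file:$3" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed, header-only sample files (not real keys).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/wildcard.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/legacy.key"
echo "wildcard.key: $(classify_file "$demo_dir/wildcard.key")"
echo "legacy.key:   $(classify_file "$demo_dir/legacy.key")"
```

A certificate file that classifies as `not-pem` is a candidate for `der_cert_to_pem`; run `cert_matches_key` on the real certificate, key and password file before the import.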