03-21-2024 11:13 AM
Good afternoon, we need to install a 3rd party public CA certificate on an ISE PSN for EAP authentication only (EAP-PEAP)
The ISE PSN is currently to configured with a .local domain suffix (company.local)
As a result, we cannot generate a CSR on this PSN matching the companies public FQDN (company.com)
Common name in the cert would be ise.company.com.
Question: To avoid changing the domain suffix of the ISE PSN to company.com so that we can generate a CSR to be signed by a public CA, is it possible to simply create the CSR in OpenSSL, have it signed and then imported into ISE?
What i am unsure of is whether a publically signed certificate would need to be binded to a CSR generated on the PSN or whether the approach outlined above using OpenSSL would work and we keep the domain suffix of the PSN as company.local?
Assume this would be ok providing that we had the original private key used to generate the CSR?
Regards
Solved! Go to Solution.
03-21-2024 11:20 AM
@Ideal Networks you can import certificates in to ISE that have been generated off box, you will have to import the certificate and private key.
03-21-2024 11:20 AM
@Ideal Networks you can import certificates in to ISE that have been generated off box, you will have to import the certificate and private key.
03-21-2024 11:22 AM
Thank you @Rob Ingram appreciate the response.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide