Solved: Re: Installing a Third-Party CA-signed Certificate in ISE - Using Open

Ideal Networks · ‎03-21-2024

Good afternoon, we need to install a 3rd party public CA certificate on an ISE PSN for EAP authentication only (EAP-PEAP)

The ISE PSN is currently to configured with a .local domain suffix (company.local)

As a result, we cannot generate a CSR on this PSN matching the companies public FQDN (company.com)

Common name in the cert would be ise.company.com.

Question: To avoid changing the domain suffix of the ISE PSN to company.com so that we can generate a CSR to be signed by a public CA, is it possible to simply create the CSR in OpenSSL, have it signed and then imported into ISE?

What i am unsure of is whether a publically signed certificate would need to be binded to a CSR generated on the PSN or whether the approach outlined above using OpenSSL would work and we keep the domain suffix of the PSN as company.local?

Assume this would be ok providing that we had the original private key used to generate the CSR?

Regards

Rob Ingram · ‎03-21-2024

@Ideal Networks you can import certificates in to ISE that have been generated off box, you will have to import the certificate and private key.

View solution in original post

Rob Ingram · ‎03-21-2024

@Ideal Networks you can import certificates in to ISE that have been generated off box, you will have to import the certificate and private key.

Ideal Networks · ‎03-21-2024

Thank you @Rob Ingram appreciate the response.

Regards

Installing a Third-Party CA-signed Certificate in ISE - Using OpenSSL?