Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
767
Views
0
Helpful
3
Replies

Installing Certificate in ISE for Secure Access

Go to solution
talkhan
Cisco Employee
Cisco Employee

‎01-21-2019 05:50 AM

Hi,

I have generated CSR with SAN as IP Address, we got it signed by the CA and already bind it with the CSR. I have imported the certificate chain file (*.p7b) in the certificate store. The issue is that if we are opening the ISE in MS Internet Explorer, its showing secure https access with both FQDN and IP address but when I am opening ISE in Google Chrome it is showing secure https access with FQDN and showing unsecure https access with IP Address. Please let me know how we can achieve to get secure https connection with IP address in Google Chrome.

Thanks & Regards,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Surendra
Cisco Employee
Cisco Employee
In response to talkhan

‎01-21-2019 09:37 AM

You can try checking the following.


1. Double check the SAN entries of the certificates and see if the FQDNs and IP addresses are matching.
2. Check the chain by clicking on the Lock Icon in the address bar and then clicking on view certificate and then details.
3. Chrome, though it gives you a warning, it does tell you what it is warning about. I would suggest you read that warning carefully. What I would suggest is clear the cookies so that the big warning page comes up again when you try to access the ISE and check the warning.
4. If all of these things check out, contact TAC as confidential information for troubleshooting can be shared with them and not here.

Cheers.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎01-21-2019 06:24 AM

It would help if you can show a screenshot of the error and the part of the certificate chain it doesn't trust. It may or may not be he ISE certificate that is at fault. Trim out any sensitive data from the picture.
0 Helpful

Go to solution
talkhan
Cisco Employee
Cisco Employee
In response to Surendra

‎01-21-2019 06:32 AM

Hi Surendra,
It is not showing any error as such, only the things is that to access ISE when we are using FQDN it is showing Secure https Access and when we are using IP Address it is showing unsecure http access (It shows warning and we have to select we understand the risk) using Google Chrome.
0 Helpful

Go to solution
Surendra
Cisco Employee
Cisco Employee
In response to talkhan

‎01-21-2019 09:37 AM

You can try checking the following.


1. Double check the SAN entries of the certificates and see if the FQDNs and IP addresses are matching.
2. Check the chain by clicking on the Lock Icon in the address bar and then clicking on view certificate and then details.
3. Chrome, though it gives you a warning, it does tell you what it is warning about. I would suggest you read that warning carefully. What I would suggest is clear the cookies so that the big warning page comes up again when you try to access the ISE and check the warning.
4. If all of these things check out, contact TAC as confidential information for troubleshooting can be shared with them and not here.

Cheers.
0 Helpful
Top