03-09-2015 12:54 PM - edited 03-10-2019 10:32 PM
How to install an external wildcard certificate for SSL on ISE 1.3 and get it running for a guest portal ?
Follow this links for guidance:
Cisco Identity Services Engine Admin Guide, Release 1.3
http://www.networkworld.com/article/2225032/infrastructure-management/what-are-wildcard-certificates-and-how-do-i-use-them-with-ciscos-ise.html
https://supportforums.cisco.com/discussion/12305836/installing-wildcard-cert-ise-httpeap
see Recording of Tech Talk Security: BYOD, Integrated CA, Multi-AD WebSession from November 6, 2014 of Aaron Woland
and now..... RESTART your ISE engine !
ISE need to get restarted to bind the intermediate and the wildcard certificate which will
send to the client for SSL. The client can now validate the certificates in the chain.
Currently the restart is not documented by Cisco and there is no warning message to restart the ISE engine.
03-09-2015 05:59 PM
Yep, a restart is needed for a new HTTPs certificate to take place. This has been the case since ISE 1.0 :)
Thank you for rating helpful posts!
03-09-2015 09:37 PM
Hi,
You would have to restart the services, there is a note in the Cisco ISE document. Please refer it below:
If you are using Firefox and Internet Explorer 8 browsers and you change the HTTPS local certificate on a node, existing browser sessions connected to that node do not automatically switch over to the new certificate. You must restart your browser to see the new certificate.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_cert.html#pgfId-1183856
Regards,
Tushar Bangia
Note : Please do rate post if you find it helpful!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide