ISE 1.3 - wildcard certificate

holger.moersfelder@global.ntt · ‎03-09-2015

How to install an external wildcard certificate for SSL on ISE 1.3 and get it running for a guest portal ?

Follow this links for guidance:

Cisco Identity Services Engine Admin Guide, Release 1.3
http://www.networkworld.com/article/2225032/infrastructure-management/what-are-wildcard-certificates-and-how-do-i-use-them-with-ciscos-ise.html
https://supportforums.cisco.com/discussion/12305836/installing-wildcard-cert-ise-httpeap
see Recording of Tech Talk Security: BYOD, Integrated CA, Multi-AD WebSession from November 6, 2014 of Aaron Woland

and now..... RESTART your ISE engine !

ISE need to get restarted to bind the intermediate and the wildcard certificate which will

send to the client for SSL. The client can now validate the certificates in the chain.

Currently the restart is not documented by Cisco and there is no warning message to restart the ISE engine.

nspasov · ‎03-09-2015

Yep, a restart is needed for a new HTTPs certificate to take place. This has been the case since ISE 1.0 :)

Thank you for rating helpful posts!

Tushar Bangia · ‎03-09-2015

Hi,

You would have to restart the services, there is a note in the Cisco ISE document. Please refer it below:

If you are using Firefox and Internet Explorer 8 browsers and you change the HTTPS local certificate on a node, existing browser sessions connected to that node do not automatically switch over to the new certificate. You must restart your browser to see the new certificate.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_cert.html#pgfId-1183856

Regards,

Tushar Bangia

Note : Please do rate post if you find it helpful!!