Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4898
Views
5
Helpful
4
Replies

ISE 2.0 sponsor portal URL

alberx
Level 1
Level 1

‎11-13-2015 02:26 AM - edited ‎03-10-2019 11:14 PM

Hello,

I´m implementing ISE 2.0 for wireless environment and I´m having problems with sponsor portal and certificates portal.

I would like to use the "https://ISE_Policies_FQDN:8443/sponsorportal/" as I have seen in different manuals for older versions, but I always get the response "404 Resource not found". I also tested with IP address instead of FQDN and different ports (8000, 8444.....).

I wouldn´t like to create a new FQDN domain name for every of this pages I have to create.

But in ISE 2.0 manuals doesn´t seem to be possible to use the ISE policies server FQDN in sponsor portal:

Enter at least one unique FQDN and/or hostname for
your Sponsor or MyDevices portal. For example, you
can entersponsorportal.yourcompany.com,sponsor,
so that when the user enters either of those into a
browser, they will reach the sponsor portal. . Separate
names with commas, but do not include spaces
between entries.
If you choose to update the default FQDN, you should
also do the following:
• Update DNS to ensure that the FQDN of the
new URL resolves to a valid Policy Services
Node (PSN) IP address. Optionally, this address
could point to a load balancer virtual IP address
that serves a pool of PSNs.
• To avoid certificate warning messages due to
name mismatches, include the FQDN of the
customized URL, or a wildcard, in the subject
alternative name (SAN) attribute of the local
server certificate of the Cisco ISE PSN.

Does anybody knows if it is mandatory to create a new FQDN for any of the sponsor or certificates pages I want to create??

Is it possible to use the ISE policies server FQDN for this pages??

Thanks.

2 people had this problem
Labels:
0 Helpful
4 Replies 4

kurmai
Cisco Employee
Cisco Employee

‎11-13-2015 10:48 AM

After 1.3, the https://ISE:8443/sponsorportal format is obsolete and sponsor.ISE:8443 is required. You can definitely configure ISE:8443 as the sponsor portal, but you will need to use a different port number for the other portals (such as guest portal) so that ISE can distinguish among them.

alberx
Level 1
Level 1
In response to kurmai

‎11-16-2015 12:48 AM

OK. Then I have to generate a certificate for every page I have to create or a certificate with the SAN names of every pages (sponsor, certificates....)

Thanks.

0 Helpful

rchockeelopez
Level 1
Level 1
In response to alberx

‎03-27-2017 03:20 PM

I got the same issue with the sponsor portal certificate that has a mismatch in the name of the certificate. I have setup FQDN in the sponsor portal settings.

Can you please help me?

0 Helpful

alberx
Level 1
Level 1
In response to rchockeelopez

‎03-28-2017 12:59 AM

Hi rchockeelopez,

what I finally did was to create a wilcard certificate and use it for all the portals in my ISE environment (*.wifi.mycompany.com). Then the sponsor portal is "sponsor.wifi.mycompany.com", the guest in "guest.wifi.mycompany.com"....etc.

It is more expensive than a single certificate but you can use it for all the portals you have to create, and in my opinion is simplest and worthy.

If not, you have to create a certificate for every portal you create, or a certificate with all the SAN names of the portals you will create.

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents