> All Microsoft native supplicants tested (including Windows Mobile) do not support wildcards in the subject of the certificate. The use of another supplicant, such as Cisco’s AnyConnect Network Access Manager (NAM), will allow the use of wildcard characters in the subject field. Another option is to use special wildcard certificates like DigiCert’s Wildcard Plus that is designed to work on incompatible devices by including specific sub-domains in the Subject Alternative Name of the certificate.
@hslai Thank you for your reply. Unfortunately, this is a multi-tenant environment and there isn't a common PKI; the guest portal works fine with a certificate signed by DigiCert and attached to the default portal group.
However, when accessing the sponsor portal, an HSTS error is presented to the client due to the fact that the ISE Admin cert is presented first, and the SAN entry for the sponsor portal doesn't exist in the default self-signed certificate.
Hence, because there is no common CA or PKI, the only way I can see this working is to change the ISE FQDN to a public domain, i.e. corp.com, and generate a CSR for a multi-use cert that is attached to both the admin service and default portal group.
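
As an added example (not part of the original posts, and not Cisco code): a pre-flight check that the dNSName SAN entries planned for a multi-use CSR cover every FQDN clients will reach, using RFC 6125-style wildcard matching. All hostnames other than the `corp.com` domain are constructed assumptions.

```python
def san_matches(hostname: str, san: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # Accept a wildcard only as the whole left-most label, with at
        # least two literal labels after it (rejects "*.com").
        return len(pat) >= 3 and host[1:] == pat[1:]
    # Partial wildcards such as "s*.corp.com" are treated as literals.
    return host == pat


def uncovered(required, sans):
    """Return the required FQDNs that no SAN entry covers."""
    return [h for h in required if not any(san_matches(h, s) for s in sans)]


# Constructed sample data (assumptions, not values from the thread).
SELF_SIGNED_SANS = ["ise01.internal.example"]
REQUIRED_TODAY = ["ise01.internal.example", "sponsor.corp.com"]

MULTI_USE_SANS = ["ise01.corp.com", "sponsor.corp.com", "guest.corp.com"]
REQUIRED_AFTER_RENAME = ["ise01.corp.com", "sponsor.corp.com", "guest.corp.com"]

if __name__ == "__main__":
    # The situation in the post: the admin cert lacks the sponsor portal name.
    print("self-signed admin cert misses:",
          uncovered(REQUIRED_TODAY, SELF_SIGNED_SANS))
    # The proposed fix: one cert whose SANs list every service FQDN.
    print("multi-use cert misses:",
          uncovered(REQUIRED_AFTER_RENAME, MULTI_USE_SANS))
    # A wildcard SAN covers one label only, and not the bare domain.
    print("wildcard-only cert misses:",
          uncovered(["sponsor.corp.com", "a.sponsor.corp.com", "corp.com"],
                    ["*.corp.com"]))
```
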