Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
7
Replies

Ise 3.2 Cert Provisioning portal not reachable

oscardenizjensen
Level 1
Level 1

‎12-13-2024 02:48 AM

Hej
I have a cert provisioning portal, but I am getting Resource not found error. I have restarted the internal CA, and cleared cache on browser but getting the same error. 

Any advice?

oscardenizjensen_1-1734086731596.png

 

 

oscardenizjensen_0-1734086653499.png

 

0 Helpful
7 Replies 7

ahollifield
VIP
VIP

‎12-16-2024 07:24 AM

What version of ISE?  Have you configured an FQDN for the certificate provisioning portal?  You must use that not, by trying to access the node directly with ip:port.

What is the use-case for the certificate provisioning portal?  The ISE internal CA is not designed to be used as a enterprise CA.  It's only designed for BYOD use-cases?  Which one should be using anymore, use an MDM instead.

0 Helpful

oscardenizjensen
Level 1
Level 1
In response to ahollifield

‎12-17-2024 07:09 AM - edited ‎12-17-2024 07:10 AM

We are running 3.2

We have FQDN for ise server itself. On portal settings I only see the option to configure HTTPS port, not FQDN. But I get the same result if i use FQDN:port .

If I click "test url", it actually uses the IP of ISE, and that link works, but if I try without test url it doesn't

We want it for VPN access to lab environment to a handful of people. It is a seperate VPN. I thought in theory it would be a very simple use case.



0 Helpful

ahollifield
VIP
VIP
In response to oscardenizjensen

‎12-17-2024 09:27 AM

You need to specify a different FQDN for the certificate provisioning portal.  And get that FQDN entered into DNS pointed at the PSN(s).  

You should NOT use the internal ISE for RAVPN use-cases.  

0 Helpful

oscardenizjensen
Level 1
Level 1
In response to ahollifield

‎12-18-2024 05:17 AM

To clarify, I need a seperate FQDN for <ISE IP>:<Portal Port> in my DNS? Why cant just putting port number not work?
ISE doesn't need to know of the FQDN?

0 Helpful

ahollifield
VIP
VIP
In response to oscardenizjensen

‎12-18-2024 05:40 AM

Yes it must be done with additional FQDN. ISE has multiple portals. The FQDN redirect is how it knows which portal to display.
0 Helpful

stayd
Level 1
Level 1
In response to ahollifield

‎12-17-2024 02:33 PM

Which one should be using anymore, use an MDM instead. ....

What do you mean by this ?
no more byod in ise ?

0 Helpful

ahollifield
VIP
VIP
In response to stayd

‎12-17-2024 03:35 PM

BYOD still exists as a feature within ISE but the mobile OS vendors have (correctly) locked down their devices so much that’s it’s an awful user experience and a nightmare for IT teams to manage.
0 Helpful
Customers Also Viewed These Support Documents