Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2765
Views
5
Helpful
3
Replies

ISE and portals certificate MANAGEMENT

marco.merlo
Level 1
Level 1

‎03-10-2016 02:15 AM - edited ‎03-10-2019 11:33 PM

Hi to all,

I need to provide two different kind of Certificates To Guest Portals and Sponsor Portals.

Guest Portals should have a public CA signed certificates but Sponsor Portals should have our interal CA signed certificate.

I have not been able to create two different "Portal group tag" objects to handle different certificates delivering.

Besides It seems that if you configute a sponsor portal with this FQDN

sponsorportal.company.com

before redirecting to

sponsorportal.company.com:8443

ISE 2.0 seems to associate to

sponsorportal.company.com:443 the certificate used for the admin interface.

Since admin interface has a different FQDN, users get browser warning.

Maybe it's mandatory to buy a unique public certificate with all the needed SANs?

Regards

MM

Labels:
0 Helpful
3 Replies 3

marco.merlo
Level 1
Level 1

‎03-10-2016 02:51 AM

Update:

I missed that certificate tags actually are created during system certificates import,

So the first issue is solved.

I still have problem with the redirection one.

Regards

MM

0 Helpful

marco.merlo
Level 1
Level 1
In response to marco.merlo

‎03-15-2016 03:46 AM

Solution found in CISCO documentation: ACS admin certificate shoud be created  with the correct SAN, it must contain at least to SANS:

one with ise fqdn and a second one with sponsor portal FQDN.

MM

bryanhaagsman
Level 1
Level 1
In response to marco.merlo

‎04-20-2016 02:06 PM

Thank you for the follow up on your issue. I had the same situation and my issue is also now resolved.

0 Helpful
Customers Also Viewed These Support Documents