06-13-2019 08:56 AM
Hi team would like to check on the following:
If the SSL certs for ISE https Webserver are renewed, will this require manually on boarding the Certs to user devices (Non Windows devices).
We have seen behaviour where Android & Apple devices require manually onboarding the Cert.
This is not the case for Windows users. With Windows the new cert is automatically downloaded / onboarded on the windows device.
Is this behaviour expected ? And if so is there any particular reason why this only effects non Windows Devices?
Running ISE SNS-3415 (Release 2.4)
BR,
CA
Solved! Go to Solution.
06-13-2019 06:32 PM
This is more client-side behaviors than that on ISE.
Assuming ISE using the same self-signed for all different usages (admin, eap, etc.), Apple configuration profiles are signed by this ISE certificate and Apple clients will deem it invalid if the signing certificate has changed. On Android, the recent Android OS will validate the EAP server against the certificate installed and configured for the Wi-FI profile.
Windows OS is not as strict, AFAIK.
06-13-2019 06:32 PM
This is more client-side behaviors than that on ISE.
Assuming ISE using the same self-signed for all different usages (admin, eap, etc.), Apple configuration profiles are signed by this ISE certificate and Apple clients will deem it invalid if the signing certificate has changed. On Android, the recent Android OS will validate the EAP server against the certificate installed and configured for the Wi-FI profile.
Windows OS is not as strict, AFAIK.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide