
ISE CSR - wild card or server specific?

jaheshkhan
Level 5

I'm planning to implement ISE with 2 node appliances (not VM). To generate the CSR, which option should I use: wildcard or without wildcard?

Which is the better way to do it?

If using a wildcard, what will I be missing? Can I use the same certificate for all services, EAP etc.?

5 Replies

I would only use wildcard if there are too many devices to handle a SAN certificate. And with two nodes you just don’t need scalability with the certificate.

So with a wildcard certificate it is OK? I heard there will be some issue with EAP on Windows client machines? Is that true? What do you suggest?

As mentioned, SAN is better and more secure. But WC will typically work as long as the Wildcard is not in the CN. The CN should hold a generic FQDN and the WC is used in a SAN.

I generated the wildcard as below. Is this OK?

Hostname: ise01
Subject: CN=ise01.gg.net,OU=FQ ,O=GG,L=London,ST=London,C=UK
Key Length: 2048
Timestamp: Sat, 21 Jan 2023
Friendly Name: ISE01#Multi-Use
Used for: Multi-Use
Subject Alternative Names: DNS:ise01.gg.net,DNS:ise02.gg.net,DNS:*.gg.net,IP:192.168.0.106,IP:192.168.0.107
Certificate Policies:

Yes, that should work.
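
The CN/SAN advice from this thread, written as a check over the Subject and Subject Alternative Names strings shown for the CSR. This is an added example, not part of any post: the function names and the second sample (wildcard in the CN) are constructed, and the "CN repeated as a DNS SAN" check and the single-label wildcard match are assumptions added beyond what the replies state.

```python
def parse_subject(subject):
    """Split 'CN=a,OU=b' into a dict. Assumes no escaped commas in the values."""
    pairs = (p.split("=", 1) for p in subject.split(",") if "=" in p)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def parse_san(san):
    """Split 'DNS:a,IP:b' into {'DNS': [...], 'IP': [...]} with lower-cased values."""
    out = {"DNS": [], "IP": []}
    for item in san.split(","):
        kind, _, value = item.strip().partition(":")
        out.setdefault(kind.upper(), []).append(value.strip().lower())
    return out

def wildcard_match(pattern, host):
    """'*.' covers exactly one left-most label: *.gg.net matches ise01.gg.net,
    but not a.b.gg.net and not gg.net itself."""
    if not pattern.startswith("*."):
        return pattern == host
    label, _, rest = host.partition(".")
    return bool(label) and rest == pattern[2:]

def review_csr(subject, san, node_fqdns):
    """Return findings for the thread's rule: plain FQDN in CN, wildcard only in SAN."""
    cn = parse_subject(subject).get("CN", "").lower()
    dns = parse_san(san)["DNS"]
    findings = []
    if "*" in cn:
        findings.append("FAIL: wildcard in CN; use a plain FQDN as CN and put the wildcard in a SAN")
    if cn and cn not in dns:
        findings.append(f"WARN: CN {cn} is not repeated as a DNS SAN")
    for node in (n.lower() for n in node_fqdns):
        if node in dns:
            findings.append(f"OK: {node} has an exact DNS SAN")
        elif any(wildcard_match(p, node) for p in dns):
            findings.append(f"WARN: {node} is covered only by a wildcard SAN")
        else:
            findings.append(f"FAIL: {node} is not covered by any DNS SAN")
    wild = [p for p in dns if "*" in p]
    if wild:
        findings.append("INFO: wildcard SAN present: " + ", ".join(wild))
    return findings

NODES = ["ise01.gg.net", "ise02.gg.net"]
# Values as posted in the thread
THREAD_SUBJECT = "CN=ise01.gg.net,OU=FQ ,O=GG,L=London,ST=London,C=UK"
THREAD_SAN = "DNS:ise01.gg.net,DNS:ise02.gg.net,DNS:*.gg.net,IP:192.168.0.106,IP:192.168.0.107"
# Constructed counter-example: wildcard placed in the CN
BAD_SUBJECT, BAD_SAN = "CN=*.gg.net,O=GG", "DNS:*.gg.net"

if __name__ == "__main__":
    for line in review_csr(THREAD_SUBJECT, THREAD_SAN, NODES) + review_csr(BAD_SUBJECT, BAD_SAN, NODES):
        print(line)
```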