cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
719
Views
0
Helpful
4
Replies

ISE Guest Portal Certificate error

ammahend
Collaborator
Collaborator

In a 2 node deployment for ISE 2.7 patch 5, we have sponsored guest setup, everytime the guest redirect, they are presented with this certificate with common name 10.1.1.1, this IP does not exist in our network, once you bypass the error, it redirects to guest page with correct certificate.

Don't think there is any issue configuration wise, its a standard guest config with portal pointing to a wildcard public cert and everything works except this error when clients get redirected to guest portal.

any suggestions ?

-hope this helps-
4 Replies 4

ahollifield
Rising star
Rising star

What certificate tag is associate on your guest portal? 

What is the NAD here?  Cisco WLC?  Something else?

NAD is 5520, portal is assigned a custom tag, associated with public cert for portal use.

 

-hope this helps-

Are you performing SSL decryption anywhere within this flow?

I don't think so, there is no firewall between client - wlc and ISE, I did find out that the cert we were getting was from WLC default cert and the problem is isolated to Apple devices only. Android and windows devices are working fine.

After reading couple of apple forums, I am going to try adding following URL to redirect ACL and enabling captive portal bypass and see if that helps, if you have any more suggestions let me know.

*.connectivitycheck.gstatic.com

*.clients3.google.com/generate_204

captive.apple.com

-hope this helps-
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: