ISE Guest Portal Certificate error

ammahend · ‎07-26-2022

In a 2 node deployment for ISE 2.7 patch 5, we have sponsored guest setup, everytime the guest redirect, they are presented with this certificate with common name 10.1.1.1, this IP does not exist in our network, once you bypass the error, it redirects to guest page with correct certificate.

Don't think there is any issue configuration wise, its a standard guest config with portal pointing to a wildcard public cert and everything works except this error when clients get redirected to guest portal.

any suggestions ?

-hope this helps-

ahollifield · ‎07-26-2022

What certificate tag is associate on your guest portal?

What is the NAD here? Cisco WLC? Something else?

ammahend · ‎07-26-2022

NAD is 5520, portal is assigned a custom tag, associated with public cert for portal use.

-hope this helps-

ahollifield · ‎07-27-2022

Are you performing SSL decryption anywhere within this flow?

ammahend · ‎07-28-2022

I don't think so, there is no firewall between client - wlc and ISE, I did find out that the cert we were getting was from WLC default cert and the problem is isolated to Apple devices only. Android and windows devices are working fine.

After reading couple of apple forums, I am going to try adding following URL to redirect ACL and enabling captive portal bypass and see if that helps, if you have any more suggestions let me know.

*.connectivitycheck.gstatic.com

*.clients3.google.com/generate_204

captive.apple.com

-hope this helps-

ISE Guest Portal Certificate error

ISE 2.1 - Certificate Provisioning Portal の構築例

[ISE] Validação de CPF de Guest Users

Self-Registered / Sponsored Guest Portal - Human Verification

Guest portal issues after patch update.

ISEのQueue Link Errorの影響例