Looking for recommendations on guest/certificate issues on our ISE self registration portal, my certificate knowledge is pretty limited and just getting into using certificates.
This is only for guest users and contractors to avoid getting annoying certificate errors when using self registration portal for wireless guest access.Had to renew our certificates due to them expiring. We have EAP authentication running fine with no errors for our employees on our internal network with a private cert for machine authentication
Our ISE nodes have a FQDN of ISE1.company.edu and ISE2.company.edu
We do not have a public certificate for company.edu
However, our public domain CA is issued to a different domain of mycompany.edu
We are currently running ISE 188.8.131.52 with Patches 1 and 3 installed.
We have 5520 WLCs running code 8.5.171
Ive tried using SAN names or IP addresses to get around this but guest users are still receiving invalid/untrusted certificate errors when they open a web browser to be directed to the self registration portal. They are getting errors because the public and private domains do not match.
So what kind of certificate will work when our private domain does not match our public domain?
Any thoughts or suggestions would be appreciated.