
ISE Posture Certificate

packet2020
Level 3

Hi All,

I'm currently setting up ISE posture assessment on an existing ISE 3.2 deployment and I need some guidance regarding certificates to prevent errors during posture discovery/assessment for unmanaged devices.

The PSNs have been configured with an FQDN using a private domain name, so it is not going to be easy to provision a well-known public CA signed certificate on the PSNs for the admin role in addition to the portal role. Instead, as a workaround, is it possible to use static FQDN entries in the call home list to directly target the PSNs without the need for discovery and redirects, removing the need to configure a public cert for the admin role?

For example, will it work if we configure the call home list to include FQDNs posture1.domain.com:8443 (resolves to PSN1) and posture2.domain.com:8443 (resolves to PSN2) and then configure these FQDNs on the provisioning portal along with a certificate tag associated with a public CA signed certificate?

 

1 Reply

I don't think that would change much because in the end the certificate warning issue would still exist. Adding all the required SANs to the public certificate wouldn't be an option? It should be possible without any issue.
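
The SAN coverage question raised in this thread can be checked before a certificate is ordered. The following is an added example, not code from the original posts or from Cisco: it compares each Call Home List entry against a certificate's dNSName SANs using standard TLS hostname rules (RFC 6125). It assumes the client validates the name it connects to in that way and does not model any ISE-specific behaviour; the SAN lists and the `psn1.corp.internal` name are constructed sample data.

```python
# Added example: which Call Home List entries would a certificate NOT cover?
# Hostnames other than posture1/posture2.domain.com are constructed samples.

def san_matches(host, san):
    """RFC 6125 style dNSName match: exact, or '*' as the whole leftmost label."""
    host = host.lower().rstrip(".")
    san = san.lower().rstrip(".")
    if san.startswith("*."):
        # A wildcard covers exactly one label:
        # *.domain.com matches a.domain.com, not a.b.domain.com or domain.com.
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san


def uncovered(call_home, sans):
    """Return the Call Home entries whose host is not covered by any SAN."""
    missing = []
    for entry in call_home:
        host = entry.strip().partition(":")[0]  # drop the ':8443' port suffix
        if not any(san_matches(host, s) for s in sans):
            missing.append(entry)
    return missing


# Call Home List from the question above.
CALL_HOME = ["posture1.domain.com:8443", "posture2.domain.com:8443"]

# Constructed SAN lists for three candidate certificates.
ONE_NAME_ONLY = ["posture1.domain.com"]
ALL_NAMES = ["posture1.domain.com", "posture2.domain.com"]
WILDCARD = ["*.domain.com"]

if __name__ == "__main__":
    for label, sans in [("one name", ONE_NAME_ONLY),
                        ("all names", ALL_NAMES),
                        ("wildcard", WILDCARD)]:
        print(label, "-> uncovered:", uncovered(CALL_HOME, sans))
    # A private PSN FQDN (constructed) is not covered by the public names.
    print(uncovered(["psn1.corp.internal:8443"], ALL_NAMES))
```

Any entry returned by `uncovered` is a name the client would connect to without a matching SAN, which is where a certificate warning would be expected under the stated assumption.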