cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
590
Views
0
Helpful
6
Replies

ise web portal public certificate

CCC3
Level 1
Level 1

hello.

I set up a random mac detected page using hotspot.

However, in order to prevent the additional security warning window from appearing,
I am trying to install a public certificate.

I installed the public certificate in ise and registered the portal in used by.

1. Do I need to add a separate domain to the certificate?

1.1 If I need to add one, what domain should I add?

2. Do I need to install the certificate on the device (iPad)?

6 Replies 6

Why do you need a random MAC page at all?  What is the use-case?  Why not use an MDM to just disable MAC randomization?

  1. Depends, is your current ISE FQDN a public name space that a public CA will provide you a certificate for?  
  2. No, not if its a public CA trusted by Apple Devices.

This is a request from the customer,

I'm trying to manage some devices using Mac filtering.

So, if you try to use a random Mac, we plan to display the corresponding portal page and encourage you to disable it.

Could you please explain number 1 in more detail?

How do I know if my Apple device trusts a public CA?

ammahend
VIP
VIP

Generally when admins generate a CSR from ISE they include subject alternative names for portal use like guest.example.com, sponsor.example.com etc, and use the domain in url for redirection instead of using ise fqdn or ip. 
you do not need to install certificate on any device provided the CSR is signed by a publicly trusted certificate authority, because devices would trust the CA. 

-hope this helps-

Sorry, but I don't quite understand what you mean.

Currently, the public certificate used by the customer has been registered with ISE.
admin and portal have been registered.

So, when accessing the GUI, the security warning window does not appear.

However, when launching the web portal
A security warning window will appear.

I'm curious what else I need to do here to prevent that security warning window from appearing.

Well try couple of things, compare the serial number of the cert with warning  to serial number of cert of ise, this will ensure correct signed cert is used, make sure the certificate issued for authentication is not issued to CN with wildcard (SAN with wildcard is ok), Try different browsers, accept certificate once and see if you are prompted again, For testing you can also try and import certificate chain into browser and see if you still get error. 

what’s the public CA  that signed your cert ?

-hope this helps-


@CCC3 wrote:

Currently, the public certificate used by the customer has been registered with ISE.
admin and portal have been registered.

So, when accessing the GUI, the security warning window does not appear.

However, when launching the web portal
A security warning window will appear.


Can you share a screenshot of the security warning?  Are you getting this warning on an Apple device?  If so, are you sure the prompt is not just asking if you want to trust the ISE certificate?