Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
565
Views
0
Helpful
6
Replies

ise web portal public certificate

CCC3
Level 1
Level 1

‎10-22-2023 05:23 PM

hello.

I set up a random mac detected page using hotspot.

However, in order to prevent the additional security warning window from appearing,
I am trying to install a public certificate.

I installed the public certificate in ise and registered the portal in used by.

1. Do I need to add a separate domain to the certificate?

1.1 If I need to add one, what domain should I add?

2. Do I need to install the certificate on the device (iPad)?

Labels:
0 Helpful
6 Replies 6

ahollifield
VIP
VIP

‎10-23-2023 12:27 PM

Why do you need a random MAC page at all?  What is the use-case?  Why not use an MDM to just disable MAC randomization?

  1. Depends, is your current ISE FQDN a public name space that a public CA will provide you a certificate for?  
  2. No, not if its a public CA trusted by Apple Devices.
0 Helpful

CCC3
Level 1
Level 1
In response to ahollifield

‎10-23-2023 05:13 PM

This is a request from the customer,

I'm trying to manage some devices using Mac filtering.

So, if you try to use a random Mac, we plan to display the corresponding portal page and encourage you to disable it.

Could you please explain number 1 in more detail?

How do I know if my Apple device trusts a public CA?

0 Helpful

ammahend
VIP
VIP

‎10-23-2023 05:35 PM - edited ‎10-23-2023 05:45 PM

Generally when admins generate a CSR from ISE they include subject alternative names for portal use like guest.example.com, sponsor.example.com etc, and use the domain in url for redirection instead of using ise fqdn or ip. 
you do not need to install certificate on any device provided the CSR is signed by a publicly trusted certificate authority, because devices would trust the CA. 

-hope this helps-
0 Helpful

CCC3
Level 1
Level 1
In response to ammahend

‎10-23-2023 09:56 PM

Sorry, but I don't quite understand what you mean.

Currently, the public certificate used by the customer has been registered with ISE.
admin and portal have been registered.

So, when accessing the GUI, the security warning window does not appear.

However, when launching the web portal
A security warning window will appear.

I'm curious what else I need to do here to prevent that security warning window from appearing.

0 Helpful

ammahend
VIP
VIP
In response to CCC3

‎10-23-2023 10:55 PM - edited ‎10-23-2023 10:57 PM

Well try couple of things, compare the serial number of the cert with warning  to serial number of cert of ise, this will ensure correct signed cert is used, make sure the certificate issued for authentication is not issued to CN with wildcard (SAN with wildcard is ok), Try different browsers, accept certificate once and see if you are prompted again, For testing you can also try and import certificate chain into browser and see if you still get error. 

what’s the public CA  that signed your cert ?

-hope this helps-
0 Helpful

Charlie Moreton
Cisco Employee
Cisco Employee
In response to CCC3

‎10-24-2023 06:08 AM

@CCC3 wrote:

Currently, the public certificate used by the customer has been registered with ISE.
admin and portal have been registered.

So, when accessing the GUI, the security warning window does not appear.

However, when launching the web portal
A security warning window will appear.

Can you share a screenshot of the security warning?  Are you getting this warning on an Apple device?  If so, are you sure the prompt is not just asking if you want to trust the ISE certificate?

0 Helpful
Customers Also Viewed These Support Documents