Solved: Re: Issue Certificate Guest Portal Cisco ISE

Leonardo Pena Aristizabal · ‎02-26-2018

Hello,

I have a Cisco ISE v 2.3 already deploy and working as expected but I have an issue with the guest portal certificate, of course I don't have a public signed certificate on the ISE.

The question is: What kind of certificate do I have to buy, because if I request a SSL Standard I always have to pass the domain control but for this situation this not apply of course the ISE is not a public Web Page.

Thank you very much

Francesco Molino · ‎02-26-2018

Hi

Any ssl certificates like those are ok:

https://ca.godaddy.com/web-security/ssl-certificate

How many psn do you have? How many portals?

I ask these questions because of you have multiple psn, and you have only 1 certificate you'll need to export (with private key) the certificate and import on all of them. Don't forget to add all san when doing your csr.

Also if you have multiple portals, you can combine all of them into 1 certificate by adding all required san. Or you can plan to get a wildcard certificate and use it for whatever fqdn you want.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎02-26-2018

Hi

Any ssl certificates like those are ok:

https://ca.godaddy.com/web-security/ssl-certificate

How many psn do you have? How many portals?

I ask these questions because of you have multiple psn, and you have only 1 certificate you'll need to export (with private key) the certificate and import on all of them. Don't forget to add all san when doing your csr.

Also if you have multiple portals, you can combine all of them into 1 certificate by adding all required san. Or you can plan to get a wildcard certificate and use it for whatever fqdn you want.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Leonardo Pena Aristizabal · ‎02-27-2018

Hi

But I suspect that this type of certificate need domain validation, I say it because I already try one web server ssl certificate and I can´t validate de web page because it doesn't exist.

Thanks for you time

Francesco Molino · ‎02-27-2018

Can you explain the issue you have?

I use these certificates from untrust, GoDaddy, and many other providers and never get issues for ISE portals.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Leonardo Pena Aristizabal · ‎02-28-2018

Ok Sorry.

If I buy a Certificate for example from the page you told me, they will validate the domain?

Usually the Public CA require that somehow the stuff they are signing have to be validated throw an e-mail or modifing something in the DNS records.

I don't know if I made myself understood.

This is what I mean:

Thank you very much

Leonardo Pena Aristizabal · ‎02-28-2018

Hi,

Look I bought the certificate but this is I what I mean, how do I validate the server if is not public....

Thanks for your time

Francesco Molino · ‎02-28-2018

You have 3 types of certificate validation:

EV, OV and DV. DV being the less secure, meant the one on which only verification regarding the domain is done.

They will validate you have the right to use that domain.

I'm not the guy who buys certificate but i deploy them everyday and any vendor out there is working just fine (GoDaddy, Entrust, Thawte...)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question