cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1111
Views
1
Helpful
2
Replies

MAC address type when issuing Sever Certificate in Provisioning Portal

Lucas Woo
Level 1
Level 1

Hello,

As you see a title, I have to enter MAC address before issuing Server Certificate in Certificate Provisioning.

ise_mac.jpg

 

However I don`t know what type of MAC address I have to enter.

Is it MAC address of virtual server? or of physical server?

Do I need to enter correct MAC address value when importing certificate into server?

1 Accepted Solution

Accepted Solutions

Arne Bier
VIP
VIP

This field should contain the MAC address of the devices that this certificate will be installed on - e.g. if it's a mobile device (laptop) connecting via wifi, then it's the wifi MAC address. It serves as an additional security check to ensure that the cert belongs to the intended device.

It's a bit of an outdated security concept now because MAC addresses are mostly randomised when they connect to different SSIDs, and also MAC addresses can be spoofed. But putting any valid MAC address there is ok - you can choose to not check it during ISE Authorization. In other words, just ignore checking the MAC address if you don't care about it. But the cert creation process requires some valid MAC address to be there.

View solution in original post

2 Replies 2

Arne Bier
VIP
VIP

This field should contain the MAC address of the devices that this certificate will be installed on - e.g. if it's a mobile device (laptop) connecting via wifi, then it's the wifi MAC address. It serves as an additional security check to ensure that the cert belongs to the intended device.

It's a bit of an outdated security concept now because MAC addresses are mostly randomised when they connect to different SSIDs, and also MAC addresses can be spoofed. But putting any valid MAC address there is ok - you can choose to not check it during ISE Authorization. In other words, just ignore checking the MAC address if you don't care about it. But the cert creation process requires some valid MAC address to be there.

@Arne Bier 
Thank you for your reply and this helped me a lot.

I understand solutions about this.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: