Network Setup Assistant Certificate Issue

chrisvanwyk
Level 1

Hi

When the network setup assistant runs, how does it select and push the correct certificate to a machine?

Even in the BYOD setup, when you select the Certificate group tag, the self-signed is used. Deleted the self-signed and the public certificate is used now. Users still get prompted to install the ROOT certificate even though this cert is a public cert with the ROOT certificate installed on the machine. How do I troubleshoot this so there is almost no user interaction for this? The browser does not have any issues on the portal when you register your device; it is only when the network setup assistant runs.

1 Accepted Solution


I see, even when you have selected not to prompt the user it still pops up. Well, I suppose the client will have to live with it.


5 Replies

Jason Kunst
Cisco Employee

Yes, if you replace your ISE cert you need to use it for your portals.

This should be explained in the admin guide.

What operating system are you using?

It sounds like it’s Apple iOS.

Apple unfortunately has to accept the cert even though it’s a well-known one; when you start the process you must accept it.

Also, if you are running multiple PSNs, the best practice regardless is to use a certificate with a wildcard in the SAN, so when you roam between PSNs you’re not required to accept the cert at every new RADIUS server seen. This is also in the admin guide.

Please see our BYOD Page off http://cs.co/ISE-community for more info.

The correct cert is tagged for portal use. The issue is not the portal, it is the network setup assistant that you download. When it installs the native supplicant/profile it pushes a certificate to the machine. How do I set that part?

hslai
Cisco Employee

This is how it works today. ISE can't check or assume the client device has the root certificate for the ISE EAP server, so it will prompt to install it regardless.

I see, even when you have selected not to prompt the user it still pops up. Well, I suppose the client will have to live with it.

Yes.

The Windows-only option "Do not prompt user to authorize new servers or trusted certification authorities" is for after BYOD and certificate provisioning and during EAP-TLS.