11-16-2017 07:47 AM - edited 02-21-2020 10:39 AM
On ISE 2.3 Patch 1, I'm running into an issue where only iOS devices don't trust the Digicert signed multi-domain portal certificate. Windows 10, Mac OSX 10.13, and Android don't have this issue.
11-16-2017 08:40 AM
Hi!
I've had similar problems on iOS devices but that occured only during BYOD-flows. Even trusted third-party certificates had to be manually accepted and added into the trusted store on the device on iOS versions newer than iOS 9. This was during the section in BYOD where the device installs the user certificate and the ISE's certificate etc.
But I've never had a problem with trusted certificates on a portal like you are describing it... anything odd about the certificate in question? Is it using a SHA1 hash?
11-16-2017 08:43 AM
The issued cert uses SHA2, but the root CA is using SHA1
11-16-2017 08:50 AM
Okay, that shouldn't be a problem..
Are you sure the domains in the certificate "covers" the hostname of your ISE nodes?
11-16-2017 08:51 AM
Yes. Definitely
11-16-2017 08:53 AM
Did the problem appear just now? Maybe Apple has goofed up their trusted store on up-to-date iOS devices. Do you have any older iOS devices you could try accessing the portal on?
11-16-2017 09:05 AM
This is a lab implementation. Guest portal was previously working before I switched to a public cert last night. I've got an old ipad lying around somewhere and still on 10.x code.
11-17-2017 03:09 PM
I’m just going to do a clean install. One other thing I did prior to the cert install was a domain name change. Even if I get this working now, I may have issues in the future.
Thanks for your help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide