01-27-2023 06:10 AM
Hi,
I was using a CA-signed wildcard certificate for the Admin portal of Cisco ISE. It was successfully installed, but when I browse to the admin portal it shows "not secure, certificate is not valid". I can still see the wildcard certificate in the certificate details of the browser. I already imported the certificate, including the intermediate certificate, into my Windows trusted certificates folder. The certificate is also imported into Cisco ISE trusted certificates. Is there anything that I should be doing?
Labels: Identity Services Engine (ISE)
Accepted Solutions
01-31-2023 07:39 PM
@mikeyasg You are accessing your ISE admin web portal by its FQDN, right? If you are using the IP, it can give a hostname match error. If the issuing CA is well-known, its root CA should already be trusted by Windows unless you are using older versions of the client OS, and there might be an issue with SHA-1/SHA-2 compatibility.
As you are unlikely to share the screenshots of the certificate hierarchy and the browser errors, please consider engaging Cisco TAC.
01-27-2023 10:32 AM
Try a different browser? Does the wildcard name match the DNS name of ISE?
01-28-2023 08:21 AM
The wildcard certificate that I imported to ISE is like *.domain.com and the FQDN of the ISE is ISE.domain.com.
01-28-2023 08:32 AM
01-28-2023 08:50 AM
It’s lowercase; the autocorrect is messing up my writing. But the FQDN is not included in the cert; I just imported the CA-signed wildcard and assigned it for the admin.
01-28-2023 08:01 AM - edited 01-29-2023 11:21 AM
A wildcard certificate is a type of digital certificate that can be used to secure multiple subdomains within a domain. In the context of Cisco ISE (Identity Services Engine), a wildcard certificate can be used to secure the administration portal, which is used to manage and configure the ISE system.
To configure a wildcard certificate for the Cisco ISE admin portal, you will need to follow these general steps:
- Obtain a wildcard certificate from a trusted certificate authority (CA)
- Import the certificate and private key into Cisco ISE
- Configure Cisco ISE to use the imported certificate for the admin portal
It is important to note that you should always verify the authenticity of a certificate before importing it into Cisco ISE, and also to follow the correct steps for importing a certificate.
I did the same on my website: https://goappsplay.com/blackmartapk/
01-28-2023 08:23 AM
What I did is the same as you stated
01-31-2023 10:17 PM
Thank you @hslai, I forgot to use the FQDN to access the portal.
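Added example (not part of the original thread and not Cisco's code): a Python sketch of the name check a browser applies to the certificate's Subject Alternative Names, showing why a certificate for *.domain.com validates ise.domain.com but not the node's IP address or short hostname. The address 10.0.0.5, the function names and the list of test hosts are constructed for illustration.

```python
import ipaddress

def is_ip(name):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Match one SAN dNSName against a DNS hostname (case-insensitive).

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so it never spans dots.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplification: require at least two fixed labels after the '*',
        # standing in for the public-suffix check real clients perform.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def url_host_matches_cert(host, san_dns, san_ip=()):
    """IP literals are compared only with iPAddress SANs, never with dNSName entries."""
    if is_ip(host):
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in san_ip)
    return any(dns_name_matches(pat, host) for pat in san_dns)

# Constructed sample: the wildcard from the thread, with no iPAddress SAN entries.
SAN_DNS = ["*.domain.com"]
HOSTS = ["ise.domain.com", "ISE.domain.com", "10.0.0.5", "ise",
         "domain.com", "a.ise.domain.com"]

def check_all():
    """Return {host: matches} for each way the admin portal might be addressed."""
    return {h: url_host_matches_cert(h, SAN_DNS) for h in HOSTS}

if __name__ == "__main__":
    for host, ok in check_all().items():
        print(f"https://{host}/  ->  {'name matches' if ok else 'hostname mismatch'}")
```

A mismatch here corresponds to the browser's name-mismatch warning even when the chain to the root CA is fully trusted, which is why importing the CA certificates on the client did not change the result.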
