Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2496
Views
6
Helpful
8
Replies

Wilcard Certificate for Cisco ISE admin portal

Go to solution
mikeyasg
Level 1
Level 1

‎01-27-2023 06:10 AM

Hi,

I was using a CA signed wildcard certificate for the Admin portal of Cisco ISE. it was succesfully installed but when i browse to the admin portal it shows not secure certificate is not valid. i stil can see the wildcard certificate in the certificate details of the browser. i already imported the certificate including the intermediate certificate in my windows trusted certificates folder. the certificate is also imported into Cisco ISE trusted certificates. is there anything that i sld be doing?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-31-2023 07:39 PM

@mikeyasg You are accessing your ISE admin web portal by its FQDN. Right? In case you are using IP, it can give hostname match error. If the issuing CA is well-known, its root CA should already be trusted by Windows unless you are using older versions of client OS and there might be an issue with SHA-1/SHA-2 compatibility.

As you are unlikely to share the screenshots of the certificate hierarchy and the browser errors, please consider engage Cisco TAC.

View solution in original post

8 Replies 8

Go to solution
ahollifield
VIP
VIP

‎01-27-2023 10:32 AM

Try a different browser?  Does the wildcard name match the DNS name of ISE?

0 Helpful

Go to solution
mikeyasg
Level 1
Level 1
In response to ahollifield

‎01-28-2023 08:21 AM

The wild card certificate that I imported to ISE is like *.domain.com and the FQDN of the ISE is ISE.domain.com 

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to mikeyasg

‎01-28-2023 08:32 AM

Is it upper case? ISE FQDNs should always be lower case. Case sensitive operating systems will not trust this.
0 Helpful

Go to solution
mikeyasg
Level 1
Level 1
In response to ahollifield

‎01-28-2023 08:50 AM

It’s lowercase the autocorrect is messing up my writing. But fqdn is not included in the cert I just imported the CA signed wildcard and assigned it for the admin.

0 Helpful

Go to solution
Landen
Level 1
Level 1

‎01-28-2023 08:01 AM - edited ‎01-29-2023 11:21 AM

A wildcard certificate is a type of digital certificate that can be used to secure multiple subdomains within a domain. In the context of Cisco ISE (Identity Services Engine), a wildcard certificate can be used to secure the administration portal, which is used to manage and configure the ISE system.

To configure a wildcard certificate for the Cisco ISE admin portal, you will need to follow these general steps:

  1. Obtain a wildcard certificate from a trusted certificate authority (CA)
  2. Import the certificate and private key into Cisco ISE
  3. Configure Cisco ISE to use the imported certificate for the admin portal

It is important to note that you should always verify the authenticity of a certificate before importing it into Cisco ISE, and also to follow the correct steps for importing a certificate.

I did the same on my website : https://goappsplay.com/blackmartapk/

0 Helpful

Go to solution
mikeyasg
Level 1
Level 1
In response to Landen

‎01-28-2023 08:23 AM

What I did is the same as you stated  

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎01-31-2023 07:39 PM

@mikeyasg You are accessing your ISE admin web portal by its FQDN. Right? In case you are using IP, it can give hostname match error. If the issuing CA is well-known, its root CA should already be trusted by Windows unless you are using older versions of client OS and there might be an issue with SHA-1/SHA-2 compatibility.

As you are unlikely to share the screenshots of the certificate hierarchy and the browser errors, please consider engage Cisco TAC.

Go to solution
mikeyasg
Level 1
Level 1
In response to hslai

‎01-31-2023 10:17 PM

Thank You @hslai i forgot to use the FQDN to access the portal.

Top