Solved: Wilcard Certificate for Cisco ISE admin portal

mikeyasg · ‎01-27-2023

Hi,

I was using a CA signed wildcard certificate for the Admin portal of Cisco ISE. it was succesfully installed but when i browse to the admin portal it shows not secure certificate is not valid. i stil can see the wildcard certificate in the certificate details of the browser. i already imported the certificate including the intermediate certificate in my windows trusted certificates folder. the certificate is also imported into Cisco ISE trusted certificates. is there anything that i sld be doing?

hslai · ‎01-31-2023

@mikeyasg You are accessing your ISE admin web portal by its FQDN. Right? In case you are using IP, it can give hostname match error. If the issuing CA is well-known, its root CA should already be trusted by Windows unless you are using older versions of client OS and there might be an issue with SHA-1/SHA-2 compatibility.

As you are unlikely to share the screenshots of the certificate hierarchy and the browser errors, please consider engage Cisco TAC.

View solution in original post

ahollifield · ‎01-27-2023

Try a different browser? Does the wildcard name match the DNS name of ISE?

mikeyasg · ‎01-28-2023

The wild card certificate that I imported to ISE is like *.domain.com and the FQDN of the ISE is ISE.domain.com

ahollifield · ‎01-28-2023

Is it upper case? ISE FQDNs should always be lower case. Case sensitive operating systems will not trust this.

mikeyasg · ‎01-28-2023

It’s lowercase the autocorrect is messing up my writing. But fqdn is not included in the cert I just imported the CA signed wildcard and assigned it for the admin.

Landen · ‎01-28-2023

A wildcard certificate is a type of digital certificate that can be used to secure multiple subdomains within a domain. In the context of Cisco ISE (Identity Services Engine), a wildcard certificate can be used to secure the administration portal, which is used to manage and configure the ISE system.

To configure a wildcard certificate for the Cisco ISE admin portal, you will need to follow these general steps:

Obtain a wildcard certificate from a trusted certificate authority (CA)
Import the certificate and private key into Cisco ISE
Configure Cisco ISE to use the imported certificate for the admin portal

It is important to note that you should always verify the authenticity of a certificate before importing it into Cisco ISE, and also to follow the correct steps for importing a certificate.

I did the same on my website : https://goappsplay.com/blackmartapk/

mikeyasg · ‎01-28-2023

What I did is the same as you stated

hslai · ‎01-31-2023

@mikeyasg You are accessing your ISE admin web portal by its FQDN. Right? In case you are using IP, it can give hostname match error. If the issuing CA is well-known, its root CA should already be trusted by Windows unless you are using older versions of client OS and there might be an issue with SHA-1/SHA-2 compatibility.

As you are unlikely to share the screenshots of the certificate hierarchy and the browser errors, please consider engage Cisco TAC.

mikeyasg · ‎01-31-2023

Thank You @hslai i forgot to use the FQDN to access the portal.

Wilcard Certificate for Cisco ISE admin portal

Automatic ISE Portal Certificate Renew with Letsencrypt - how to guide

ISE 2.1 - Certificate Provisioning Portal の構築例

Cisco ISE Certificate Change - Considerations and Best Practices

Cisco ISE Guest Portal Customization - Self-Registration Button

Cisco Umbrella transitioning from DigiCert to Identrust certificates