Public portal cert not trusted on iOS devices

mmcfarlin456 · ‎11-16-2017

On ISE 2.3 Patch 1, I'm running into an issue where only iOS devices don't trust the Digicert signed multi-domain portal certificate. Windows 10, Mac OSX 10.13, and Android don't have this issue.

jacob.fredriksson · ‎11-16-2017

Hi!

I've had similar problems on iOS devices but that occured only during BYOD-flows. Even trusted third-party certificates had to be manually accepted and added into the trusted store on the device on iOS versions newer than iOS 9. This was during the section in BYOD where the device installs the user certificate and the ISE's certificate etc.

But I've never had a problem with trusted certificates on a portal like you are describing it... anything odd about the certificate in question? Is it using a SHA1 hash?

mmcfarlin456 · ‎11-16-2017

The issued cert uses SHA2, but the root CA is using SHA1

jacob.fredriksson · ‎11-16-2017

Okay, that shouldn't be a problem..

Are you sure the domains in the certificate "covers" the hostname of your ISE nodes?

mmcfarlin456 · ‎11-16-2017

Yes. Definitely

jacob.fredriksson · ‎11-16-2017

Did the problem appear just now? Maybe Apple has goofed up their trusted store on up-to-date iOS devices. Do you have any older iOS devices you could try accessing the portal on?

mmcfarlin456 · ‎11-16-2017

This is a lab implementation. Guest portal was previously working before I switched to a public cert last night. I've got an old ipad lying around somewhere and still on 10.x code.

mmcfarlin456 · ‎11-17-2017

I’m just going to do a clean install. One other thing I did prior to the cert install was a domain name change. Even if I get this working now, I may have issues in the future.

Thanks for your help!