We've just setup an ISE server (Version 1.3.0.876) and have configured a Hot Spot portal for guest users. Everything about the portal works just fine, however! The issue we are running into is we have installed a public cert signed by a public CA (Starfield CA), however when guests go to the EULA page on the ISE server, they are getting a cert error due to the certificate path not becoming populated. I look at the cert it gets and the path only contains the issued cert, not the CAs it needs above it. (I believe the cert requests the browser to go to a website to download the latest public CAs for the issued cert)
I can get around this by permitting that IP it hits in the ACL on the WLC, but I would like to just simply have ISE deliver the cert WITH it's public CAs just incase that IP changes, or it's actually hitting a VIP and it is just being round robin'd.
Does anyone know how this is done?
I've tried the following:
Pulled the cert off ISE, added the public CAs into the server cert and added it back into ISE, no luck. (I may have not done this properly, let me know if this should have worked)
Added the public CAs into ISE and trusted them, no luck with that either.
Let me know! Thanks guys!
