07-27-2017 10:47 AM
Is it possible to install a self-signed certificate from an ISE PSN Node to a client PC running Anyconnect so things like VPN, NAM, and most importantly ISE Posture Assessment module will trust it without clicking 'Connect Anyway'. ? I have tried to install the ceritficate in the local store from the ISE Admin GUI but its still prompting for trust. Is there a surefire way to install and automatically trust the self-signed certificate from ISE PSN Nodes to local PCs os they dont need to click 'Connect Anyway' every time their client connects to the LAN and is checked for posture complaince? I understand already we can buy a signed certificate but this is a Proof-of-Concept deployment and the certs arent going to be avaiable for a while. For testing with end-users we'd like to not require them to click 'Connect Anyway' 3 times everytime they connect to the LAN Thanks!
Solved! Go to Solution.
10-21-2017 02:27 PM
If the client machines are domain computers, then it's good to use Microsoft CA services as the PKI as the root CA certificates might get installed after domain join. Also, ensure the hostname/FQDN matching either the subject or the subject alternative names. If installing a self-signed certificate, it needs to go to trusted root certificates.
07-27-2017 10:53 AM
I would recommend asking in the anyconnect forum on anyconnect specific issues
Here is a list
https://communities.cisco.com/community/technology/security/pa
I will move it as well
10-21-2017 02:27 PM
If the client machines are domain computers, then it's good to use Microsoft CA services as the PKI as the root CA certificates might get installed after domain join. Also, ensure the hostname/FQDN matching either the subject or the subject alternative names. If installing a self-signed certificate, it needs to go to trusted root certificates.
03-23-2020 09:30 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide