i recently renewed the certificate in my ISE running version 22.214.171.1246 ADE-OS version 2.3.0187, before I had renewed it it worked fine until the cert expired. I was able to get the new one in and now when a guest tries to use the Guest wireless that guest is redirected to the
But it says the ISE refused to connect.
I have never worked with an ISE device before, so can anyone point me in the right direction?
Could you please elaborate a little bit more about your issue. What ISE Version are you running?, How many PSN's you have, are you using load balancer?, Did you make any recent change?. With all those answers I could give you some help
I experienced an issue in the past when I changed the certificate that was used by the PORTALS/Guest SSID (CWA or LWA). It was related to a bug on ISE 2.2 and that's why I am asking you for more information. In any case, once you uploaded the new certificate and assigned it to the PORTAL pages, did you check that those PORTALS actually were using it?.
We are running version 126.96.36.1996 in a standalone environment. We had a cert that was applied to the EAP Authentication and Default portal certificate group that was expiring last week. I had purchased a globalsign EV cert that had the FQDN for the ISE server as well as a secondary FQDN for the guest portal.
After applying that cert, we began running into problems with android not containing the required intermediate cert for the EV SSL cert that we purchased. I then had an OV cert with the same set of FQDNs and I was going to migrate the EAP Authentication and Default portal certificate group to that new cert.
Once I migrated to the new cert the Guest Portal as well as the my devices portal were inaccessible. Upon further investigating I found that the port "8443" was no longer open on ISE. If I migrated back to the EV cert the portals are accessible, but the android portal redirect fails as they don't contain the intermediate cert.
I have tried deleting and importing the cert again as well as having ONLY the new OV cert installed with no luck.
Any help is appreciated!
TLDR: When applying the default portal certificate group to the OV cert, the portals become inaccessible.
It probably is the "buggy" one haha. It has been a problem since I started here in August.
This is the 802.1x authentication on both our Wired and Wireless networks. It appears we are using Centralized Web Auth under the portal redirect.
I actually have an ISE 188.8.131.520 server that is spun up and is pending a few changes prior to migrating to that server. The biggest problem is migrating everything on campus over without impacting users.
Edit: Added that we are using CWA
From a wired laptop using a Chrome Browser, run a test on the GUEST Portal as indicated next from the ISE Node.
You should get a page like the following with an URL similar to this. Post the results.
After making the cert change, when you test the guest portal I receive "INET_E_RESOURCE_NOT_FOUND".
When attempting to connect to the guest network through the portal, I receive a "Connection Refused" error.
Check my previous screenshots, I want to certify that using ISE IP instead of FQDN you can display the GUEST PORTAL. After posting the results, I would provide you more verification steps/screenshots
When I open an SSH console to the ISE and do a "Show Ports", the port 8443 is no longer open when the portals are applied to this Cert.