ISE Guest Portal Certificate Apple Trust Issue

eric.reeves
Level 1

I have configured our wildcard certificate for Guest Hotspot Portal. Windows trusts the Network Solutions wildcard certificate but the Apple MacBook does not. On the Mac, when connecting to the guest portal WLAN, I receive the error "This certificate was signed by an unknown authority". It appears to my co-worker that ISE is not passing the intermediate certs to allow the MacBook to trust the certificate. I have imported all the certificates as ISE Trusted Certs. Any advice on this issue would be very much appreciated. Thank you!

Accepted Solutions

Jason Kunst
Cisco Employee

Is it in the keystore on MAC? What’s the serial number of it?

Jason,

Sorry for the delay in my reply. The CA certificate is on the MacBook; its serial is 01 fd 6d 30 fc a3 ca 51 a8 1b bc 64 0e 35 03 2d. The Network Solutions intermediate certificate that signed our wildcard certificate is not on the Mac; therefore, as I understand it, ISE would have to pass that certificate in order to allow it to be trusted. Using Wireshark I can see that ISE is only passing our wildcard cert. I created a concatenated .pem file with the Root ... the intermediate ... our wildcard cert (in that order) and utilized that for the guest portal. Unfortunately the MacBook continues to not trust it. Oddly enough the iPhone doesn't have a problem with it, nor do Windows and Android. I decided to try our Thawte wildcard certificate and I experienced the same issue with the MacBooks. Is there something I may be missing in my certificate installation that would cause ISE not to pass the intermediate certs to the client?

Jason,

I think I just found the problem. After discovering this old ISE bug in version 1.3, I decided to reload my PAN and PSN to see if the bug still existed in 2.2, and boom, the MacBook likes both of my wildcard certificates!

Bug in version 1.3

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut26025/?referring_site=bugquickviewredir
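
The check made with Wireshark in the thread (whether the portal sends anything beyond the wildcard certificate) can also be scripted; the following is an added example, not part of the original thread or Cisco's tooling. It parses the "Certificate chain" section printed by `openssl s_client -connect <portal-host>:<port> -showcerts`; the sample outputs and certificate names are constructed placeholders.

```python
import re

# Constructed samples of the "Certificate chain" section of s_client output.
# Subject and issuer names are placeholders, not values from the thread.
LEAF_ONLY = """\
Certificate chain
 0 s:CN = *.example.org
   i:CN = Example Intermediate CA
---
"""
FULL_CHAIN = """\
Certificate chain
 0 s:CN = *.example.org
   i:CN = Example Intermediate CA
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
---
"""

# One chain entry: "<index> s:<subject>" followed by an indented "i:<issuer>".
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.MULTILINE)


def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    return [(s.strip(), i.strip()) for _, s, i in ENTRY.findall(s_client_output)]


def chain_findings(chain):
    """List reasons a client lacking the intermediate could reject the chain."""
    if not chain:
        return ["no certificates found in output"]
    findings = []
    for pos in range(len(chain) - 1):
        # TLS expects each certificate to be issued by the one that follows it.
        if chain[pos][1] != chain[pos + 1][0]:
            findings.append(f"cert {pos} issuer does not match cert {pos + 1} subject")
    subject, issuer = chain[0]
    if len(chain) == 1 and subject != issuer:
        findings.append(f"only the leaf was sent; issuer '{issuer}' not sent")
    return findings


if __name__ == "__main__":
    for name, text in (("leaf only", LEAF_ONLY), ("full chain", FULL_CHAIN)):
        print(name, "->", chain_findings(parse_chain(text)) or "chain links up")
```

A leaf-only result means every client must already hold the intermediate in its own store, which would fit some platforms trusting the portal while others do not.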