Guest Portal with Wildcard Certificate

joshhunter
Level 4

Hello, my customer would like to use their existing Wildcard Certificate *.theirdomain.com for the ISE Guest Portal.

So, I was going to use the URL: guest.theirdomain.com.


However, after reading through the following article:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_0111.html#concept_8ECCCAF1252E40DDB9A786C0AC7BC3B2

I note:

"If you use wildcard certificates, we strongly recommend that you partition your domain space for greater security. For example, instead of *.example.com, you can partition it as *.amer.example.com. If you do not partition your domain, it can lead to serious security issues."

The customer has since looked into using the SAN field in their wildcard certificate for the use of guest.ise.theirdomain.com, but it is very expensive. The other possible option is a single-domain certificate for guest.ise.theirdomain.com, which is a much cheaper option.

However, can someone explain their "serious security issues", else I will just use guest.theirdomain.com which is the free option.

Accepted Solutions

Jason Kunst
Cisco Employee

Please read the following and let us know if you still have questions.


HowTo Implement Server Side Certificate

Also, I talk about certs as well in the simple guest guide.
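Added example, not part of the original thread or of Cisco's documentation: a small checker that lists which hostnames each certificate option from the question would be accepted for, so the reach of the key installed on the guest portal can be compared. It assumes the usual left-most-label wildcard matching applied by TLS clients (RFC 6125); `*.ise.theirdomain.com` is a hypothetical partitioned wildcard modelled on the guide's `*.amer.example.com`, and the `vpn`, `mail` and `sponsor` hosts are constructed sample names.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label; all other labels compare case-insensitively.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False            # a wildcard never spans several labels
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False            # partial wildcards (g*.example.com) rejected
    return p == h


def covered_hosts(cert_names, inventory):
    """Return the inventory hosts for which the certificate is valid."""
    return [h for h in inventory if any(name_matches(n, h) for n in cert_names)]


# Constructed inventory: the two guest names come from the question,
# the remaining hosts are made-up examples of other services.
INVENTORY = [
    "theirdomain.com",
    "guest.theirdomain.com",
    "guest.ise.theirdomain.com",
    "sponsor.ise.theirdomain.com",
    "vpn.theirdomain.com",
    "mail.theirdomain.com",
]

CERTS = {
    "existing wildcard": ["*.theirdomain.com"],
    "partitioned wildcard (hypothetical)": ["*.ise.theirdomain.com"],
    "single-name certificate": ["guest.ise.theirdomain.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(f"{label}: {names}")
        for host in covered_hosts(names, INVENTORY):
            print(f"    valid for {host}")
```

The existing wildcard is valid for every host directly under theirdomain.com but not for guest.ise.theirdomain.com, which is why that name needs either an extra SAN entry or its own certificate.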
