Guest

Preview Tool

Cisco Bug: CSCut16630 - ISE : https to sponsor portal using Admin cert not sponsor cert

Last Modified

Aug 07, 2018

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.3(0.901) 2.3(0.298) 2.4(0.357)

Description (partial)

Symptom:
Admin ui: CertA (self signed)
Sponsor Portal: CertB (3rd party wild card)
 
On the sponsor portal settings in the Admin UI, fqdn set to: sponsor.example.com
 
In a browser, go to http://sponsor.example.com, get CertB and then redirection happens to the full url (with https and port etc) and same cert is presented again.
 
Go to https://sponsor.example.com, get CertA. Since self signed, accept warning, redirected to the full url (with port etc), get CertB.

Conditions:
Have different certs for Admin and Sponsor portals and use https to access the sponsor portal

Related Community Discussions

CPP and Admin certificate different but on same interface
Hi, Configured the following on ISE 2.3: 1 ISE interface for CPP and Admin CCP portal runs on TCP port 8443 with its own certificate signed by CA1 Admin portal runs on port 443 with its own certificate signed by CA2 When a CCP redirection occurs, the client first get redirected on port 443 (with the wrong certificate) and to port 8443 with the right certificate. I would have expected that the client would directly go to the 8443 port. Anybody seen this ? Thanks
Latest activity: Oct 24, 2017
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.