Obtaining a Certificate for an Internal Domain

doodles6970 · September 20, 2017, 5:40pm

Hello,

hoping someone can help. I am currently deploying Cisco Identity Services Engine. I plan to use this for dot1x authentication for both my wired and wireless clients. I also would like to use the Guest Wireless, profiling and posturing.
Now in ideal world scenarios I would use an Internal CA like ADCS however we do not have control of our AD Domain as we are in a tenanted domain.

I would prefer to have a public CA anyway so that more devices will support and recognise the signing authority on the certificate, especially Apple devices.

I would like to obtain a certificate that i can import into the CA service built into ISE. We do not have a public facing website so I would not be able to use CERTBOT. Is it possible to obtain this just by proving I have control over our domain?

Thanks in Advance,
Doodles

rg305 · September 20, 2017, 5:50pm

The downside to any solution is automation.
LE certs last only 90 days.

jared.m · September 20, 2017, 5:57pm

As rg305 mentioned, the downside is that you’ll have to reconfigure this every couple months, but yes. If you control the DNS zone for this domain, you can use the dns-01 challenge method to prove ownership. This involves placing a TXT record in your DNS. The documentation covers this pretty clearly.

ahaw021 · September 22, 2017, 4:48am

have a look at this

Andrei

system · October 22, 2017, 4:48am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.