Obtaining a Certificate for an Internal Domain


Hoping someone can help. I am currently deploying Cisco Identity Services Engine. I plan to use this for dot1x authentication for both my wired and wireless clients. I also would like to use the Guest Wireless, profiling and posturing.
Now, in ideal-world scenarios I would use an internal CA like ADCS; however, we do not have control of our AD domain as we are in a tenanted domain.

I would prefer to have a public CA anyway so that more devices will support and recognise the signing authority on the certificate, especially Apple devices.

I would like to obtain a certificate that I can import into the CA service built into ISE. We do not have a public-facing website, so I would not be able to use Certbot. Is it possible to obtain this just by proving I have control over our domain?

The downside to any solution is automation.
LE certs last only 90 days.

As rg305 mentioned, the downside is that you'll have to reconfigure this every couple of months, but yes. If you control the DNS zone for this domain, you can use the dns-01 challenge method to prove ownership. This involves placing a TXT record in your DNS. The documentation covers this pretty clearly.

Have a look at this