Obtaining a Certificate for an Internal Domain

doodles6970 · September 20, 2017, 5:40pm

Hello,

hoping someone can help. I am currently deploying Cisco Identity Services Engine. I plan to use this for dot1x authentication for both my wired and wireless clients. I also would like to use the Guest Wireless, profiling and posturing.
Now in ideal world scenarios I would use an Internal CA like ADCS however we do not have control of our AD Domain as we are in a tenanted domain.

I would prefer to have a public CA anyway so that more devices will support and recognise the signing authority on the certificate, especially Apple devices.

I would like to obtain a certificate that i can import into the CA service built into ISE. We do not have a public facing website so I would not be able to use CERTBOT. Is it possible to obtain this just by proving I have control over our domain?

Thanks in Advance,
Doodles

rg305 · September 20, 2017, 5:50pm

The downside to any solution is automation.
LE certs last only 90 days.

jared.m · September 20, 2017, 5:57pm

As rg305 mentioned, the downside is that you’ll have to reconfigure this every couple months, but yes. If you control the DNS zone for this domain, you can use the dns-01 challenge method to prove ownership. This involves placing a TXT record in your DNS. The documentation covers this pretty clearly.

ahaw021 · September 22, 2017, 4:48am

have a look at this

Andrei

system · October 22, 2017, 4:48am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What are my options of getting a valid cert? Help	12	745	December 4, 2020
Get Certificates for internal Server in intranet Help	5	12439	September 23, 2018
Update FAQ about what domains can get LE certificates Site Feedback	10	2944	March 2, 2017
Failed to create Cert for intranet Server Server	8	1106	November 25, 2018
Local Domain certs with Let's Encrypt CA Help	14	11928	February 22, 2024

Obtaining a Certificate for an Internal Domain

Related topics