7 hours ago
Hi,
Not really a subject I'm strong on however I believe the answer should be B and E (not B and D)
Why D is wrong:
The WLC does not need to know or list the portal FQDN under its virtual interface because it’s not hosting that FQDN or the certificate. Essentially, what I'm seeing is that D is only applicable when the WLC itself hosts the login portal or when you want the WLC to present a specific FQDN and certificate for HTTPS. But in ISE deployments, particularly with CWA or guest portals, this does not apply.
Why E is correct:
A new CSR is needed so that the certificate installed on ISE includes the new static FQDN in its SAN or CN field. Without this, browsers will show certificate errors when redirected to the guest portal.
If I am missing something let me know, thanks!
Not really a subject I'm strong on however I believe the answer should be B and E (not B and D)
Why D is wrong:
The WLC does not need to know or list the portal FQDN under its virtual interface because it’s not hosting that FQDN or the certificate. Essentially, what I'm seeing is that D is only applicable when the WLC itself hosts the login portal or when you want the WLC to present a specific FQDN and certificate for HTTPS. But in ISE deployments, particularly with CWA or guest portals, this does not apply.
Why E is correct:
A new CSR is needed so that the certificate installed on ISE includes the new static FQDN in its SAN or CN field. Without this, browsers will show certificate errors when redirected to the guest portal.
If I am missing something let me know, thanks!