https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308774#M135272 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You will have to upload all certificates (intermediate and root) that are used to sign the client cert into the ISE CA database. You will also have to make sure that checkbox for trust for client authentication is checked.</P><P></P><P>Thanks,</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Fri, 16 Aug 2013 03:55:50 GMT Tarik Admani 2013-08-16T03:55:50Z https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308772#M135189 <P>Hi Everyone. </P><P></P><P>I have Cisco Ise 1.2 when I created authorization Policy rule for PEAP(MSCHAPv2) and the ISE can match on the rule e permit based on AuthProfile. </P><P></P><P>BUT, authentications using digital certificates (EAP_TLS) I can´t do some AuthorizationPolicy for match. </P><P></P><P>I´m try some: </P><P></P><P><STRONG style="color: #000000; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: #ffffff;">if </STRONG></P><P>any </P><P> <STRONG style="color: #000000; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: #ffffff;">AND </STRONG></P><P>authEAPprot: EAP-TLS </P><P> <STRONG style="color: #000000; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: #ffffff;">AND </STRONG></P><P>Certificate:inssue : iqual : CA-root </P><P> <STRONG style="color: #000000; font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 16px; background-color: #ffffff;">THEN </STRONG></P><P>ACCESS_FULL</P><P></P><P>In Operations&gt;Authetications I can see the authentication and when I open the details, I can see the method is EAP-TLS BUT my rule is not correct cuz<SPAN style="font-size: 10pt;"> authorization policy that use is </SPAN><STRONG style="font-size: 10pt;">Default.</STRONG></P><P><STRONG><BR /></STRONG>Someone can do some Tip about How i can make this rule for authentications that use EAP-TLS (digital certificates)???</P><P></P><P></P><P>tks</P> Mon, 11 Mar 2019 03:46:47 GMT https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308772#M135189 Tiago Andrade de Paula 2019-03-11T03:46:47Z https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308773#M135211 <HTML><HEAD></HEAD><BODY><P>Well, it just sounds like it's not matching your rule, try removing the certificate issuer = CA-root condition and see what happens. </P><P></P><P>Remember that if you use equals as operator, it has to match exactly including case, what your certfificate have written in the certificate issuer field you are using.</P></BODY></HTML> Thu, 15 Aug 2013 19:29:11 GMT https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308773#M135211 jan.nielsen 2013-08-15T19:29:11Z https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308774#M135272 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You will have to upload all certificates (intermediate and root) that are used to sign the client cert into the ISE CA database. You will also have to make sure that checkbox for trust for client authentication is checked.</P><P></P><P>Thanks,</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Fri, 16 Aug 2013 03:55:50 GMT https://community.cisco.com/t5/network-access-control/ise-1-2-authorization-policy-for-digital-certificates/m-p/2308774#M135272 Tarik Admani 2013-08-16T03:55:50Z