https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016555#M172641 <P>I have a unique situation where I am trying to authenticate via certificates in an enviroment without a CA. I have a wildcard cert from a third party that I can place on the devices. I added the thrid party root CA in the local store on ISE but I am still using the self-signed cert from ISE in my local certs for EAP authentication. Is there a way to use a wildcard cert for device authentication or is there a way to export a cert from ISE that can be loaded on the end device fro authentication. Any help would be greatly appreciated.</P> Mon, 11 Mar 2019 02:33:56 GMT Nicholas Copeland 2019-03-11T02:33:56Z https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016555#M172641 <P>I have a unique situation where I am trying to authenticate via certificates in an enviroment without a CA. I have a wildcard cert from a third party that I can place on the devices. I added the thrid party root CA in the local store on ISE but I am still using the self-signed cert from ISE in my local certs for EAP authentication. Is there a way to use a wildcard cert for device authentication or is there a way to export a cert from ISE that can be loaded on the end device fro authentication. Any help would be greatly appreciated.</P> Mon, 11 Mar 2019 02:33:56 GMT https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016555#M172641 Nicholas Copeland 2019-03-11T02:33:56Z https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016556#M172644 <HTML><HEAD></HEAD><BODY><P>On a side note when I use a wildcard cert I get an error that no private key is found when trying to authentictae to the ISE appliance. </P></BODY></HTML> Wed, 19 Sep 2012 13:02:38 GMT https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016556#M172644 Nicholas Copeland 2012-09-19T13:02:38Z https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016557#M172657 <HTML><HEAD></HEAD><BODY><P>Please review the below link which might&nbsp; be helpful on your concerns: </P><P><A href="http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_cert.html">http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_cert.html</A></P><P></P><P> <A href="http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_client_prov.html">http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_client_prov.html</A></P></BODY></HTML> Wed, 29 May 2013 23:05:16 GMT https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016557#M172657 vikasyad 2013-05-29T23:05:16Z https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016558#M172670 <HTML><HEAD></HEAD><BODY><P>Thanks Vikas.</P><P></P><P>I have since found the answer I was looking for. I talked with some of the guys in the BU and basically wildcard certs aren't supported on the end devices which make sense since it kind of eliminates the security aspect of certificate authentication. </P><P></P><P>The guides you sent still require the use of an actual CA or SCEP server in order to get the certificates to the clients. </P><P></P><P>In short I came up with a different solution that didn't use certificates.</P></BODY></HTML> Thu, 30 May 2013 12:27:40 GMT https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016558#M172670 Nicholas Copeland 2013-05-30T12:27:40Z https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016559#M172690 <HTML><HEAD></HEAD><BODY><P>Coming in a little late on this but my question was going to be: "What exactly is the end goal" For instance, were you looking to use EAP-TLS and if so then without a CA then you would probably need to look to something else. For instance, PEAP. However, I see that you have resolved your own issue which is great! <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN> Do you care to share with the rest of us what your solution was?</P></BODY></HTML> Fri, 31 May 2013 00:51:05 GMT https://community.cisco.com/t5/network-access-control/ise-certificate-authentication-without-a-ca/m-p/2016559#M172690 nspasov 2013-05-31T00:51:05Z