https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016698#M23910 <P>Hi</P> <P>Few question is if I use multiuse csr and get certificate from an external CA like godaddy,<BR />Can I use it for eap authentication or it need from internal ca .</P> <P>If I create csr for external CA ( multiuse ), Is it necessary to bind EAP or I can create a separate certificate for eap authentication from my internal CA</P> <P>If I did not choose "Trust for client authentication and Syslog " while importing Root certificate and when Binding I choose EAP authentication <BR />What will happen in that case ?</P> <P>Thanks</P> Mon, 11 Mar 2019 07:28:13 GMT muhsi_2015 2019-03-11T07:28:13Z https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016698#M23910 <P>Hi</P> <P>Few question is if I use multiuse csr and get certificate from an external CA like godaddy,<BR />Can I use it for eap authentication or it need from internal ca .</P> <P>If I create csr for external CA ( multiuse ), Is it necessary to bind EAP or I can create a separate certificate for eap authentication from my internal CA</P> <P>If I did not choose "Trust for client authentication and Syslog " while importing Root certificate and when Binding I choose EAP authentication <BR />What will happen in that case ?</P> <P>Thanks</P> Mon, 11 Mar 2019 07:28:13 GMT https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016698#M23910 muhsi_2015 2019-03-11T07:28:13Z https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016699#M23915 <P>Theoretically you could use a certificate from a public CA for EAP. Practically you will use your own CA.</P> <P>The CA for the portals is a good candidate for public certificate to minimize certificate warnings.&nbsp;But with&nbsp;EAP you only have company managed clients which have your CA-certificate anyway. And you only want to trust the endpoint certificates of your company and not all that are issued by GoDaddy for example.</P> Fri, 17 Feb 2017 12:46:40 GMT https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016699#M23915 Karsten Iwen 2017-02-17T12:46:40Z https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016700#M23916 <P>Hi,</P> <P>Thanks for your reply .Basically this is to trust only organization owend devices ,That's why internal CA recommended .Correct me if &nbsp;I am wrong ?</P> <P></P> <P>And what is "<SPAN>Trust for client authentication and Syslog"</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>If I did not choose "Trust for client authentication and Syslog " while importing Root certificate and when Binding I choose EAP authentication what will happen .&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P>And If i bind &nbsp;admin portal , EAP authentication &nbsp;with a certificate (multi use ) &nbsp;issued by public ca ,and later &nbsp;I want to put internal CA for EAP ,What is the procedure &nbsp;?&nbsp;</P> <P></P> <P>Thanks&nbsp;</P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P></P> <P></P> Fri, 17 Feb 2017 13:21:50 GMT https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016700#M23916 muhsi_2015 2017-02-17T13:21:50Z https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016701#M23919 <P>Best to start with reading the admin-guide chapter on certificates:</P> <P>http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0111.html</P> <P>Each certificate is bound to a specific function. This function has to be enabled to work with one of the certificates. As each function (like EAP) can only be served by one certificate, it has to&nbsp;be disabled on the old certificate when enabled on a different one.</P> Fri, 17 Feb 2017 13:39:44 GMT https://community.cisco.com/t5/network-access-control/ise-certificate/m-p/3016701#M23919 Karsten Iwen 2017-02-17T13:39:44Z