https://community.cisco.com/t5/network-access-control/prevent-authentication-for-certificate-duplication/m-p/3681409#M25310 <P>The certificate provisioning done by ISE BYOD puts the endpoint's MAC address in the SAN of the certificate so that we may use this pre-build policy rule, which has a condition MAC_in_SAN, to verify.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-08-04 at 7.53.11 PM.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16059iF9CED7211E344D10/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-08-04 at 7.53.11 PM.png" alt="Screen Shot 2018-08-04 at 7.53.11 PM.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-08-04 at 7.55.52 PM.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16060iA1BB7E02D49F9749/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-08-04 at 7.55.52 PM.png" alt="Screen Shot 2018-08-04 at 7.55.52 PM.png" /></span></P> Sun, 05 Aug 2018 02:57:15 GMT hslai 2018-08-05T02:57:15Z https://community.cisco.com/t5/network-access-control/prevent-authentication-for-certificate-duplication/m-p/3679595#M25309 <P>Hi Folks,&nbsp;</P> <P>&nbsp;</P> <P>We are working for a customer for ISE POC, standalone node running in 2.3. Basically the use case is if the customer copy the certificate from their machine and install in different machine, the ISE should need to access reject/prevent authentication for the new machine or generate some kind of alert saying the certificate is duplicated or copied? Can we do demo this test case?</P> <P>&nbsp;</P> <P>Any help here.&nbsp;</P> Mon, 11 Mar 2019 08:47:41 GMT https://community.cisco.com/t5/network-access-control/prevent-authentication-for-certificate-duplication/m-p/3679595#M25309 smano 2019-03-11T08:47:41Z https://community.cisco.com/t5/network-access-control/prevent-authentication-for-certificate-duplication/m-p/3681409#M25310 <P>The certificate provisioning done by ISE BYOD puts the endpoint's MAC address in the SAN of the certificate so that we may use this pre-build policy rule, which has a condition MAC_in_SAN, to verify.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-08-04 at 7.53.11 PM.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16059iF9CED7211E344D10/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-08-04 at 7.53.11 PM.png" alt="Screen Shot 2018-08-04 at 7.53.11 PM.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-08-04 at 7.55.52 PM.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16060iA1BB7E02D49F9749/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-08-04 at 7.55.52 PM.png" alt="Screen Shot 2018-08-04 at 7.55.52 PM.png" /></span></P> Sun, 05 Aug 2018 02:57:15 GMT https://community.cisco.com/t5/network-access-control/prevent-authentication-for-certificate-duplication/m-p/3681409#M25310 hslai 2018-08-05T02:57:15Z