topic Re: ISE - EAP Authentication Certificate in Network Access Control

ISE - EAP Authentication Certificate

kkillby — Tue, 23 Jul 2019 10:33:46 GMT

I am looking to replace the Certificate that is assigned to the EAP Authentication Role - However the question has come up:

Can this be a Public Certificate such as one signed by GoDaddy or does it need to be signed by the same CA that our Users get their Certificates from which is an internal Microsoft CA?

Thanks

Re: ISE - EAP Authentication Certificate

Surendra — Tue, 23 Jul 2019 11:42:51 GMT

It can be a public CA signed certificate as long as that CA’s certificates are present in the Client’s Trusted Root CA certificate store.

Re: ISE - EAP Authentication Certificate

kkillby — Wed, 24 Jul 2019 08:47:07 GMT

Thank you - So we can use an external CA Certificate for EAP Authentication Role on ISE whislt the clients use our internal PKI for EAP-TLS Authentication.

Re: ISE - EAP Authentication Certificate

Surendra — Wed, 24 Jul 2019 09:21:53 GMT

Yes. Both of them need not be from the same CA as long as they trust each other.

Re: ISE - EAP Authentication Certificate

kkillby — Wed, 24 Jul 2019 09:23:47 GMT

Thank you for confirming - I was finding conflicting information. I will be making this change once back from vacation.