Using Cisco ISE Internal CA to issue function based certificates to other ISE nodes.

CCIEBret13 — Mon, 11 Mar 2019 06:25:03 GMT

Current State:

2x Admin Nodes

2x Monitoring and Logging Nodes.

2x Policy Nodes (Clustered)

Environment is running using self-signed certificates (copied from all nodes to all other nodes).

Future State:

I want to replace the self-signed certificates with certificates generated from the Cisco ISE CA. I want to split out the functionality of these certificates into separate certs for Admin/pxGrid/etc. I also want to use the Cisco ISE CA as my internal CA for device management of other systems (routers/switches/firewalls/servers). We do not have a MS CA that we can use.

What I've done so far:

1. Generated CSRs for all Servers/functions.

2. Created a Certificate Provisioning Portal.

Issues:

It appears that the Certificate Provisioning Portal is geared more towards user-based certificate generation. The templates don't allow me to create a template for FQDN or anything server related. Is there a different portal (URL) that I need to be using to generate server certificates?

It also states that Super

CCIEBret13 — Fri, 22 Jan 2016 17:26:08 GMT

It also states that Super-Admins can log into the portal, which is also not working for me. I have the Portal setup to authenticate ALL users.

topic It also states that Super in Network Access Control

Using Cisco ISE Internal CA to issue function based certificates to other ISE nodes.

It also states that Super