topic ISE CA CSR in Network Access Control

ISE CA CSR

nloverin — Sun, 18 Feb 2018 23:15:20 GMT

Hey guys,

I've looked through the docs and the UI, but I cannot find an answer. Can the ISE CA be used to sign CSRs?

Thanks.

Neil

Re: ISE CA CSR

Jason Kunst — Sun, 18 Feb 2018 23:43:01 GMT

ISE internal CA can be used to deliver certificates for BYOD devices (through BYOD flow), iot devices authenticating To Ise, for example cameras security or pxgrid clients

It’s not meant to be used for servers in your environment

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_00.html#concept_170E4F1CA46A404AA4C818C02226C8F2

Re: ISE CA CSR

hslai — Mon, 19 Feb 2018 04:59:20 GMT

Adding to Jason's.

If the CSRs are for pxGrid clients or the like, you may use either the certificate provisioning portal in ISE 2.0+ or the pxGrid UI (Administration > pxGrid Services > Certificates) to sign the existing certificates in ISE 2.2+.