https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457008#M528713 <HTML><HEAD></HEAD><BODY><P>I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.</P><P><SPAN style="font-size: 10pt;">However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">Nonetheless, thanks for your contributions.<BR /></SPAN></P></BODY></HTML> Sat, 15 Jul 2017 02:51:17 GMT hslai 2017-07-15T02:51:17Z https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457004#M528709 <HTML><HEAD></HEAD><BODY><DIV><P>Hi, I am new to ISE so please excuse me if this is a basic question.</P><P></P><P>I am trying to configure ISE for BYOD using certificates, I have added the external CA and created a certificate template but the template doesn't show up when I configure the enrollment portal, what have I missed??</P><P></P><P>Thanks in advance!</P><P></P><P>Mike</P></DIV></BODY></HTML> Tue, 04 Jul 2017 20:35:53 GMT https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457004#M528709 mikejhathaway 2017-07-04T20:35:53Z https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457005#M528710 <HTML><HEAD></HEAD><BODY><P>There's a native supplicant profile where you select the certificate template. It's in Policy Results for Client Provisioning.</P></BODY></HTML> Fri, 14 Jul 2017 16:47:38 GMT https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457005#M528710 Sloanstar 2017-07-14T16:47:38Z https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457006#M528711 <HTML><HEAD></HEAD><BODY><P>ISE certificate provisioning portals are for ISE internal CA only. Thus, only the certificate templates using ISE internal CA are available for selection.</P></BODY></HTML> Sat, 15 Jul 2017 01:45:23 GMT https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457006#M528711 hslai 2017-07-15T01:45:23Z https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457007#M528712 <HTML><HEAD></HEAD><BODY><P>I'm pretty sure you can configure a SCEP template as well in order to go external.</P><P></P><P>It's been a while since we did it that way. We've since moved to the ISE CA for ease of use and to keep the PKI trust separate from BYOD. But I know we were getting certs created by an internal Microsoft server at one point.</P></BODY></HTML> Sat, 15 Jul 2017 02:41:49 GMT https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457007#M528712 Sloanstar 2017-07-15T02:41:49Z https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457008#M528713 <HTML><HEAD></HEAD><BODY><P>I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.</P><P><SPAN style="font-size: 10pt;">However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">Nonetheless, thanks for your contributions.<BR /></SPAN></P></BODY></HTML> Sat, 15 Jul 2017 02:51:17 GMT https://community.cisco.com/t5/network-access-control/ise-byod-certificates-question/m-p/3457008#M528713 hslai 2017-07-15T02:51:17Z