Authenticating a device with certificates using ISE

SMD28316 — Mon, 03 May 2021 10:45:55 GMT

I want to authenticate a device which is not on the domain (not connected to AD), using certificate. Is it possible to do certificate based authentication using the ISE default certificate? by generating CSR. etc.

The device doesn't allow username/password authentication, can I use the certificates only? Like when you configure SSH with pub-key.

Re: Authenticating a device with certificates using ISE

Mike.Cifelli — Mon, 03 May 2021 13:14:08 GMT

Few items for consideration: Is this possibly something for another customer? If so, any chance you could enroll them with your internal PKI & use that cert to onboard the non-domain clients to your network? Who will manage the configuration of the supplicant (you/external domain)? Also, what type of supplicant will be in use? You will need to consider how to do certificate matching if the client will have multiple identity certs from different domains. If the clients have an identity cert and you trust the chain, have you considered simply adding the external chain into your ISE trust store to support onboarding via their own PKI certs?

topic Re: Authenticating a device with certificates using ISE in Network Access Control

Authenticating a device with certificates using ISE

Re: Authenticating a device with certificates using ISE