https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445971#M17959 <P>Hi all,</P><P>I have a query on onboarding iOS, Android and windows devices through Cisco ISE.</P><P>I understood that we are going to provision and onboard above devices issuing certificates.</P><P>Do ISE has Certificate authority where it can generate its own Root CA and Intermediate CA signed by root CA and device certificates signed by intermediate CA i mean profile signing CA???</P><P>Or else we need to create CSR and send it to CA to get it signed . then we have to import root, intermediate CA's to ISE. CA's like godaddy ,verisign...when we send CSR .. do they send &nbsp;root certificate, intermediate certificate and signed certificate??</P><P>Thanks</P><P>Srikanth</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 05 Jul 2021 07:33:04 GMT srikanth.soogoor 2021-07-05T07:33:04Z https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445971#M17959 <P>Hi all,</P><P>I have a query on onboarding iOS, Android and windows devices through Cisco ISE.</P><P>I understood that we are going to provision and onboard above devices issuing certificates.</P><P>Do ISE has Certificate authority where it can generate its own Root CA and Intermediate CA signed by root CA and device certificates signed by intermediate CA i mean profile signing CA???</P><P>Or else we need to create CSR and send it to CA to get it signed . then we have to import root, intermediate CA's to ISE. CA's like godaddy ,verisign...when we send CSR .. do they send &nbsp;root certificate, intermediate certificate and signed certificate??</P><P>Thanks</P><P>Srikanth</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 05 Jul 2021 07:33:04 GMT https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445971#M17959 srikanth.soogoor 2021-07-05T07:33:04Z https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445972#M17960 <P>HI,</P><P>After installation, ISE generates, by default, a self-signed local certificate and private key, and stores them on the server. &nbsp;ISE authenticates itself to clients using the default self-signed certificate that is created at the time of installation. This self-signed certificate is used for both HTTPS and EAP protocols to authenticate clients. This self-signed certificate is valid for one year and its key length is set to 1024 bits. At the time of generation, this certificate is used for both EAP and HTTPS protocols.</P><P>&nbsp;</P><P>Cisco strongly recommends installing a CA-signed certificate.(Dont use self generated certificare from ISE).</P><P>Process for certificate deployment:see the link:</P><P>https://www.youtube.com/watch?v=d-ro6P2Azl8</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 26 Mar 2014 16:59:32 GMT https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445972#M17960 Sandeep Choudhary 2014-03-26T16:59:32Z https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445973#M17961 <P>Yes, Sandeep is correct. You may also check the below link,</P><P>http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_e_man_cert.html</P> Mon, 31 Mar 2014 23:10:07 GMT https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445973#M17961 Anas Naqvi 2014-03-31T23:10:07Z https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445974#M17962 <P>Hi Sandeep,</P><P>Yes i understood that. yes i do agree that Self-signed certificate is used l3 authentication and EAp-methods</P><P>During provisiong of BYOD's , i understood that client certificate is pushed to perform EAP-TLS(iOS) and credentials for Android (PEAP-MsCHAPV2). As there is no CA capability for ISE how it will issue certificates to client devices???</P><P>&nbsp;</P> Tue, 01 Apr 2014 07:35:06 GMT https://community.cisco.com/t5/wireless/cisco-ise-root-ca/m-p/2445974#M17962 srikanth.soogoor 2014-04-01T07:35:06Z