08-09-2023 02:19 AM
Our previous network engineer set up an ISE based ttls authentication to allow wifi access for users that (1. Credentials belong to our domain 2. Have a CA trusted cert). The certificate is about to expire and wondering what would be the process for it. The new certificate was generated already from the server and should I add that to ISE under trusted certifictes? Mdm is also pushing the wifi profile and the CA cert to allowed devices. Thanks in advance.
08-28-2023 11:32 AM
hey @madaraboss94
Yes, you should add the new certificate to ISE under trusted certificates. This will ensure that the ISE nodes, endpoint control systems, and supplicants are able to validate the root certificate chain. Once you have added the new certificate to the trusted certificate store in ISE, you should verify whether the root certificate chain has changed and update it accordingly. This will allow your users to continue to access the wifi network using their domain credentials and CA trusted cert.
Dont forget to make sure that your MDM is pushing the updated wifi profile and CA cert to allowed devices.
08-28-2023 01:05 PM
yes new Cert need to add to trusted and as you mentioned the Certificate need to pushed to cllents also
check some good guide ISE Certificates add and renewals
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide