Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
214
Views
0
Helpful
2
Replies

Need some guidance with ISE.

madaraboss94
Level 1
Level 1

‎08-09-2023 02:19 AM

Our previous network engineer set up an ISE based ttls authentication to allow wifi access for users that (1. Credentials belong to our domain 2. Have a CA trusted cert). The certificate is about to expire and wondering what would be the process for it. The new certificate was generated already from the server and should I add that to ISE under trusted certifictes? Mdm is also pushing the wifi profile and the CA cert to allowed devices. Thanks in advance.

omegle xender
Labels:
0 Helpful
2 Replies 2

hemohemoh
Level 1
Level 1

‎08-28-2023 11:32 AM

hey @madaraboss94 

Yes, you should add the new certificate to ISE under trusted certificates. This will ensure that the ISE nodes, endpoint control systems, and supplicants are able to validate the root certificate chain. Once you have added the new certificate to the trusted certificate store in ISE, you should verify whether the root certificate chain has changed and update it accordingly. This will allow your users to continue to access the wifi network using their domain credentials and CA trusted cert.

Dont forget to make sure that your MDM is pushing the updated wifi profile and CA cert to allowed devices.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎08-28-2023 01:05 PM

yes new Cert need to add to trusted and as you mentioned the Certificate need to pushed to cllents also

check some good guide ISE Certificates add and renewals

https://community.cisco.com/t5/security-knowledge-base/how-to-implement-digital-certificates-in-ise/ta-p/3630897

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents