cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

110
Views
0
Helpful
3
Replies
Highlighted
Beginner

Automate Cisco ISE certificate renewal

Hi,

Is there a way to automate ISE certificate renewal process? We have venafi and there is some option in venafi to do it. Is this possible?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Automate Cisco ISE certificate renewal

Are you talking about the ISE nodes themselves doing an automated onboarding? No there is not a feature like this. I will check but maybe can be done via API but doubtful
3 REPLIES 3
Cisco Employee

Re: Automate Cisco ISE certificate renewal

Are you talking about the ISE nodes themselves doing an automated onboarding? No there is not a feature like this. I will check but maybe can be done via API but doubtful
VIP Engager

Re: Automate Cisco ISE certificate renewal

 Great question from @aditya.k.sahu  - I am not a Microsoft guy but I recently enabled our company's Microsoft CA to auto-enroll our desktop and laptop machines and user certs via group policy.  This works well in this ecosystem and we never have to worry ever again about any of our windows certs expiring, as long as these machines stay domain joined.

That got me thinking - ISE is also domain joined...fair enough, it's not a Windows PC, but there might be some potential to have ISE be managed like a Windows workstation - at least, to enable auto-enrol.  Maybe it's too far fetched, but this would be great - at least for the Admin and EAP cert.  

For Portal certs it would be great if there were some link to LetsEncrypt to have that cert automatically taken care of.  Why should we spend thousands of dollars every year to CA's - those guys just print their own money :-(

Cisco Employee

Re: Automate Cisco ISE certificate renewal

Please provide http://cs.co/ise-feedback you know the drill haha