07-04-2017 01:35 PM
Hi, I am new to ISE so please excuse me if this is a basic question.
I am trying to configure ISE for BYOD using certificates, I have added the external CA and created a certificate template but the template doesn't show up when I configure the enrollment portal, what have I missed??
Thanks in advance!
Mike
Solved! Go to Solution.
07-14-2017 07:51 PM
I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.
However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.
Nonetheless, thanks for your contributions.
07-14-2017 09:47 AM
There's a native supplicant profile where you select the certificate template. It's in Policy Results for Client Provisioning.
07-14-2017 06:45 PM
ISE certificate provisioning portals are for ISE internal CA only. Thus, only the certificate templates using ISE internal CA are available for selection.
07-14-2017 07:41 PM
I'm pretty sure you can configure a SCEP template as well in order to go external.
It's been a while since we did it that way. We've since moved to the ISE CA for ease of use and to keep the PKI trust separate from BYOD. But I know we were getting certs created by an internal Microsoft server at one point.
07-14-2017 07:51 PM
I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.
However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.
Nonetheless, thanks for your contributions.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: