Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1420
Views
1
Helpful
4
Replies

ISE BYOD Certificates Question

Go to solution
mikejhathaway
Level 1
Level 1

‎07-04-2017 01:35 PM

Hi, I am new to ISE so please excuse me if this is a basic question.

I am trying to configure ISE for BYOD using certificates, I have added the external CA and created a certificate template but the template doesn't show up when I configure the enrollment portal, what have I missed??

Thanks in advance!

Mike

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Sloanstar

‎07-14-2017 07:51 PM

I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.

However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.


Nonetheless, thanks for your contributions.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Sloanstar
Level 5
Level 5

‎07-14-2017 09:47 AM

There's a native supplicant profile where you select the certificate template. It's in Policy Results for Client Provisioning.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-14-2017 06:45 PM

ISE certificate provisioning portals are for ISE internal CA only. Thus, only the certificate templates using ISE internal CA are available for selection.

0 Helpful

Go to solution
Sloanstar
Level 5
Level 5
In response to hslai

‎07-14-2017 07:41 PM

I'm pretty sure you can configure a SCEP template as well in order to go external.

It's been a while since we did it that way. We've since moved to the ISE CA for ease of use and to keep the PKI trust separate from BYOD. But I know we were getting certs created by an internal Microsoft server at one point.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Sloanstar

‎07-14-2017 07:51 PM

I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.

However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.


Nonetheless, thanks for your contributions.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents