cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

604
Views
1
Helpful
4
Replies
Beginner

ISE BYOD Certificates Question

Hi, I am new to ISE so please excuse me if this is a basic question.

I am trying to configure ISE for BYOD using certificates, I have added the external CA and created a certificate template but the template doesn't show up when I configure the enrollment portal, what have I missed??

Thanks in advance!

Mike

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE BYOD Certificates Question

I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.

However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.


Nonetheless, thanks for your contributions.

4 REPLIES 4
Contributor

Re: ISE BYOD Certificates Question

There's a native supplicant profile where you select the certificate template. It's in Policy Results for Client Provisioning.

Cisco Employee

Re: ISE BYOD Certificates Question

ISE certificate provisioning portals are for ISE internal CA only. Thus, only the certificate templates using ISE internal CA are available for selection.

Highlighted
Contributor

Re: ISE BYOD Certificates Question

I'm pretty sure you can configure a SCEP template as well in order to go external.

It's been a while since we did it that way. We've since moved to the ISE CA for ease of use and to keep the PKI trust separate from BYOD. But I know we were getting certs created by an internal Microsoft server at one point.

Cisco Employee

Re: ISE BYOD Certificates Question

I agreed the wording is a bit unclear. For BYOD NSP, yes, external SCEP/CA would work.

However, I am pretty sure he meant an ISE Certificate Provisioning Portal by the "enrollment" portal. ISE certificate portals are similar to AD's /certsrv/ so they do not use SCEP to issue the certificates.


Nonetheless, thanks for your contributions.