Solved: ISE - EAP Authentication Certificate

kkillby · ‎07-23-2019

I am looking to replace the Certificate that is assigned to the EAP Authentication Role - However the question has come up:

Can this be a Public Certificate such as one signed by GoDaddy or does it need to be signed by the same CA that our Users get their Certificates from which is an internal Microsoft CA?

Thanks

Surendra · ‎07-23-2019

It can be a public CA signed certificate as long as that CA’s certificates are present in the Client’s Trusted Root CA certificate store.

View solution in original post

Surendra · ‎07-23-2019

It can be a public CA signed certificate as long as that CA’s certificates are present in the Client’s Trusted Root CA certificate store.

kkillby · ‎07-24-2019

Thank you - So we can use an external CA Certificate for EAP Authentication Role on ISE whislt the clients use our internal PKI for EAP-TLS Authentication.

Surendra · ‎07-24-2019

Yes. Both of them need not be from the same CA as long as they trust each other.

kkillby · ‎07-24-2019

Thank you for confirming - I was finding conflicting information. I will be making this change once back from vacation.