02-20-2015 08:30 AM - edited 03-17-2019 02:03 AM
Hi,
I am trying to design a solution for a customer that requires 802.1x authentication on both their client devices and Cisco IP phones. I read in a design guide that we can use an external CA-signed certificate for the authentication. Can someone guide me on how this can be done? Do I generate the certificate and then upload it into Call Manager? And what happens next? Will I have to generate a new root certificate so that I can use it on an NPS server?
I would love it if someone could respond, since there aren't many guides out there that discuss the process using Microsoft Network Policy Server.
02-21-2015 10:47 AM
Have you seen the guide at the link below?
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html
The doc below also has some good content relating to certs which will help you understand how they work.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-presence/116917-technote-certificate-00.html
08-18-2015 10:59 AM
I've been looking for a guide like the one above, but one that references ISE instead of the old ACS platform. I already had the guide linked above; it was last updated July of 2014, and it unfortunately only references ACS, which was replaced by ISE.
I am not familiar with ISE and its interface and won't get access to it for a few weeks (our security group has a lab, but it's being rebuilt and upgraded, so I haven't gotten access to it yet), and I wanted to get a design together beforehand. So, my question is, do you pretty much follow the same steps to get your phones authenticated with ISE as you did with ACS in the old document? Are their interfaces so similar it doesn't necessitate a new document on Cisco's part?
I think it's crazy that there's this whole new platform out there to do 802.1x on, but the only document that's floating around the internet that explains how to configure it is from over a year ago using an old platform that has been replaced.
If anyone has any answers or info, that would be great. I've searched with every possible combo of 802.1x/Cisco IP Phone/ISE I could come up with, and I always get the same results with the same old doc I've had for 6+ months. I also went through the 900+ page ISE 1.3 Admin guide and came away with nothing except bits and pieces of basic authentication info I already know.
Thanks in advance!!
-Dayne