Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
2
Replies

ISE 2.3 Root CA feature to sign EAP Certificate

alfonso.cornejo
Level 3
Level 3

‎03-19-2018 07:15 AM - edited ‎03-17-2019 12:26 PM

Hi,

 

I have a cluster of 2 ISE v2.3 nodes, in my location we don't have an internal CA in order to generate the certificate that we can use for the user authentication using EAP.

 

I was thinking if we can use the Root CA feature that ISE has in order to generate that certificate, I know that I can use the self signed certificate that each server has, install those in every user computer and EAP will work.

 

But, what about when that certificate expires? Do I have to generate it again and then install it again in each computer?

 

That's why I was thinking if there is a way that I can "sign" that certificate with the internal root CA that ISE has and only install the "ISE CA Root Authority Certificate" in every computer so they will trust any certificate that will be generated by the primary node of ISE just the same way that I must do it when I have a traditional Windows or Linux CA.

 

What do you suggest?

 

Thanks in advanced.

Labels:
0 Helpful
2 Replies 2

Jaime Valencia
Cisco Employee
Cisco Employee

‎03-19-2018 09:25 AM

You're posting in the IP Telephony forum, might want to move this to a relevant area of CSC

HTH

java

if this helps, please rate
0 Helpful

alfonso.cornejo
Level 3
Level 3
In response to Jaime Valencia

‎03-19-2018 12:59 PM

You are right, I'll move it.

Thanks,
0 Helpful
Customers Also Viewed These Support Documents