03-19-2018 07:15 AM - edited 03-17-2019 12:26 PM
Hi,
I have a cluster of 2 ISE v2.3 nodes, in my location we don't have an internal CA in order to generate the certificate that we can use for the user authentication using EAP.
I was thinking if we can use the Root CA feature that ISE has in order to generate that certificate, I know that I can use the self signed certificate that each server has, install those in every user computer and EAP will work.
But, what about when that certificate expires? Do I have to generate it again and then install it again in each computer?
That's why I was thinking if there is a way that I can "sign" that certificate with the internal root CA that ISE has and only install the "ISE CA Root Authority Certificate" in every computer so they will trust any certificate that will be generated by the primary node of ISE just the same way that I must do it when I have a traditional Windows or Linux CA.
What do you suggest?
Thanks in advanced.
03-19-2018 09:25 AM
You're posting in the IP Telephony forum, might want to move this to a relevant area of CSC
03-19-2018 12:59 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide