11-03-2021 12:14 PM - edited 11-03-2021 12:15 PM
Greetings,
I have been able to successfully rollout 802.1x on windows devices over wired and wireless networks using certificates.
I have a problem with printers that support dot1x using certificates.
How a certificate for the printer can be generated ?, I am not sure whether a service account needs to be created to bind the certificate to that domain account.
I hope you can help me out.
Thanks,
Edouard.
Solved! Go to Solution.
11-03-2021 02:01 PM
Hi @EdouardZorrilla0939 it depends on the make of printer. Some printers allow you to generate a CSR on the printer itself, which you can then take and sign on your CA and import to the printer. Some manfuacturers have a print management solution which can generate and deploy the certificates centrally. Another option is to use openssl from any computer, sign the certificate on the CA and import.
11-03-2021 02:01 PM
Hi @EdouardZorrilla0939 it depends on the make of printer. Some printers allow you to generate a CSR on the printer itself, which you can then take and sign on your CA and import to the printer. Some manfuacturers have a print management solution which can generate and deploy the certificates centrally. Another option is to use openssl from any computer, sign the certificate on the CA and import.
11-03-2021 02:36 PM
Thanks Rob, when ISE validate the certificate against Active Directory (AD) to permit access.
You are correct, I did generate a certificate for my domain account and imported and it worked fine.
When I generate a certificate using the printer hostname, it doesn't work. (maybe I am doing something wrong) because ISE cannot find the printer hostname in AD. I am not sure whether I have to create a service account for the printers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide