11-03-2021 12:14 PM - edited 11-03-2021 12:15 PM
Greetings,
I have been able to successfully rollout 802.1x on windows devices over wired and wireless networks using certificates.
I have a problem with printers that support dot1x using certificates.
How a certificate for the printer can be generated ?, I am not sure whether a service account needs to be created to bind the certificate to that domain account.
I hope you can help me out.
Thanks,
Edouard.
Solved! Go to Solution.
11-03-2021 02:01 PM
Hi @EdouardZorrilla0939 it depends on the make of printer. Some printers allow you to generate a CSR on the printer itself, which you can then take and sign on your CA and import to the printer. Some manfuacturers have a print management solution which can generate and deploy the certificates centrally. Another option is to use openssl from any computer, sign the certificate on the CA and import.
11-03-2021 02:01 PM
Hi @EdouardZorrilla0939 it depends on the make of printer. Some printers allow you to generate a CSR on the printer itself, which you can then take and sign on your CA and import to the printer. Some manfuacturers have a print management solution which can generate and deploy the certificates centrally. Another option is to use openssl from any computer, sign the certificate on the CA and import.
11-03-2021 02:36 PM
Thanks Rob, when ISE validate the certificate against Active Directory (AD) to permit access.
You are correct, I did generate a certificate for my domain account and imported and it worked fine.
When I generate a certificate using the printer hostname, it doesn't work. (maybe I am doing something wrong) because ISE cannot find the printer hostname in AD. I am not sure whether I have to create a service account for the printers.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: