Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1447
Views
0
Helpful
2
Replies

802.1x rollout on non-windows endpoints using certs

Go to solution
EdouardZorrilla0939
Level 1
Level 1

‎11-03-2021 12:14 PM - edited ‎11-03-2021 12:15 PM

Greetings,

 

I have been able to successfully rollout 802.1x on windows devices over wired and wireless networks using certificates.

 

I have a problem with printers that support dot1x using certificates.

 

How a certificate for the printer can be generated ?, I am not sure whether a service account needs to be created to bind the certificate to that domain account.

 

I hope you can help me out.

 

Thanks,

Edouard.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎11-03-2021 02:01 PM

Hi @EdouardZorrilla0939 it depends on the make of printer. Some printers allow you to generate a CSR on the printer itself, which you can then take and sign on your CA and import to the printer. Some manfuacturers have a print management solution which can generate and deploy the certificates centrally. Another option is to use openssl from any computer, sign the certificate on the CA and import.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎11-03-2021 02:01 PM

Hi @EdouardZorrilla0939 it depends on the make of printer. Some printers allow you to generate a CSR on the printer itself, which you can then take and sign on your CA and import to the printer. Some manfuacturers have a print management solution which can generate and deploy the certificates centrally. Another option is to use openssl from any computer, sign the certificate on the CA and import.

0 Helpful

Go to solution
EdouardZorrilla0939
Level 1
Level 1
In response to Rob Ingram

‎11-03-2021 02:36 PM

Thanks Rob, when ISE validate the certificate against Active Directory (AD) to permit access. 

 

You are correct, I did generate a certificate for my domain account and imported and it worked fine.

 

When I generate a certificate using the printer hostname, it doesn't work. (maybe I am doing something wrong) because ISE cannot find the printer hostname in AD. I am not sure whether I have to create a service account for the printers.

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents