Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1994
Views
15
Helpful
1
Replies

Authenticating a device with certificates using ISE

SMD28316
Level 1
Level 1

‎05-03-2021 02:12 AM - edited ‎05-03-2021 03:45 AM

I want to authenticate a device which is not on the domain (not connected to AD), using certificate. Is it possible to do certificate based authentication using the ISE default certificate? by generating CSR. etc.

The device doesn't allow username/password authentication, can I use the certificates only? Like when you configure SSH with pub-key.

1 Reply 1

Mike.Cifelli
VIP Alumni
VIP Alumni

‎05-03-2021 06:14 AM

Few items for consideration: Is this possibly something for another customer? If so, any chance you could enroll them with your internal PKI & use that cert to onboard the non-domain clients to your network? Who will manage the configuration of the supplicant (you/external domain)?  Also, what type of supplicant will be in use? You will need to consider how to do certificate matching if the client will have multiple identity certs from different domains.  If the clients have an identity cert and you trust the chain, have you considered simply adding the external chain into your ISE trust store to support onboarding via their own PKI certs?

Customers Also Viewed These Support Documents
Top