Solved: Automate Cisco ISE certificate renewal

aditya.k.sahu · ‎05-29-2019

Hi,

Is there a way to automate ISE certificate renewal process? We have venafi and there is some option in venafi to do it. Is this possible?

Jason Kunst · ‎05-29-2019

Are you talking about the ISE nodes themselves doing an automated onboarding? No there is not a feature like this. I will check but maybe can be done via API but doubtful

View solution in original post

Jason Kunst · ‎05-29-2019

Are you talking about the ISE nodes themselves doing an automated onboarding? No there is not a feature like this. I will check but maybe can be done via API but doubtful

Arne Bier · ‎05-29-2019

Great question from @aditya.k.sahu - I am not a Microsoft guy but I recently enabled our company's Microsoft CA to auto-enroll our desktop and laptop machines and user certs via group policy. This works well in this ecosystem and we never have to worry ever again about any of our windows certs expiring, as long as these machines stay domain joined.

That got me thinking - ISE is also domain joined...fair enough, it's not a Windows PC, but there might be some potential to have ISE be managed like a Windows workstation - at least, to enable auto-enrol. Maybe it's too far fetched, but this would be great - at least for the Admin and EAP cert.

For Portal certs it would be great if there were some link to LetsEncrypt to have that cert automatically taken care of. Why should we spend thousands of dollars every year to CA's - those guys just print their own money :-(

Jason Kunst · ‎05-29-2019

Please provide http://cs.co/ise-feedback you know the drill haha