BYOD Authentication + Proxy Certification Download

Alex D. Silva Gutierrez · ‎01-12-2017

Hello Folks.

First i would like to say that i have little experience with ISE, please bare with me.

Now in our office, we have the following scenario.

We have a proxy service(websense) and we need to extended this service to our BYOD users. To be able to filter contents on our BYOD device. We need that the ISE or WLC to distribute the proxy certification after user been authenticate.

Does anyone has something the same scenario ?

If anyone have some guide or something like, please share with me, i will be gladly to know more about ISE.

Best Regards,

Alex Gutierrez

Rahul Govindan · ‎01-12-2017

So is the certificate that you want to distribute is an SSL certificate issued to the Websense device or the CA cert that issued the websense cert? You can enroll the BYOD users with same external CA as websense is using so that they receive the CA chain bundle along with their own endpoint certificate. More details:

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-product-00.html

Alex D. Silva Gutierrez · ‎01-18-2017

Hello Rahul,

Thank you for you reply.

Actually, the Websense certificate is needed in order the mobile to navigate on Internet(All web traffic is redirected to Websense via WCCP).

We need to distribute the Websense certificate to mobile via Radius Authentication, i do not know if ISE BYOD can be use for this.

If you have more information, please let me know.

Rahul Govindan · ‎01-18-2017

Not that I am aware of. BYOD is used to enroll and distribute user certs. You would have to use GPO for distributing the websense certificate to cert store on the machines.

Alternatively, you can use some kind of MDM solution to do the same. I just checked my Meraki Dashboard and I can push a cert to the device using the Systems Manager.