Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

749
Views
0
Helpful
3
Replies
Highlighted
musultan
Cisco Employee
Cisco Employee
‎01-18-2018 04:44 PM
‎01-18-2018 04:44 PM

Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

Can we use the  ISE 2.0: Certificate Provisioning Portal and act as the SCEP server for the Cisco IP phones like 8821?

ISE 2.0: Certificate Provisioning Portal - Cisco

I can see that 8821 IP phones can be setup for the SCEP server.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8821/english/adminguide/w88x_b_wireless-8821-8821ex-admin-guide/w88x_b_wireless-8821-8821ex-admin-guide_chapter_011.html#reference_7AA746980735854B1FB96BCE1D7AD1E1

+++++++++++++++++++++++

See the below

+++++++++++++++++++++++

Configure the SCEP Product Specific Configuration Parameters

You must configure the following SCEP parameters on your phone web page

  • RA IP address
  • SHA-1 or SHA-256 fingerprint of the root CA certificate for the SCEP server

The Cisco IOS Registration Authority (RA) serves as a proxy to the SCEP server. The SCEP client on the phone use the parameters that are downloaded from Cisco Unified Communication Manager. After you configure the parameters, the phone sends aSCEP getcsrequest to the RA and the root CA certificate is validated using the defined fingerprint.

  Procedure

Step 1  From the Cisco Unified Communications Manager Administration, select Device > Phone.
Step 2  Locate the phone.
Step 3  Scroll to the Product Specific Configuration Layout area.
Step 4  Check the WLAN SCEP Server check box to activate the SCEP parameter.
Step 5  Check the WLAN Root CA Fingerprint (SHA256 or SHA1) check box to activate the SCEP QED parameter.

+++++++++++++++++++++++

i do see the following ENH request;

CSCve71881   ENH: ISE2.0 (no BYOD) to provision SCEP client in ip phone like 8821


Do we have any road-map for this?

Everyone's tags (5)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
howon
Cisco Employee
Cisco Employee
‎01-19-2018 05:55 PM
‎01-19-2018 05:55 PM

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

ISE Internal CA is only for BYOD and manual provisioning via certificate portal currently. For roadmap request/questions, please reach out to the local Cisco Sales team so they can reach out to the PM.

View solution in original post

0 Helpful
Reply
3 REPLIES 3
Highlighted
thomas
Cisco Employee
Cisco Employee
‎01-19-2018 08:38 AM
‎01-19-2018 08:38 AM

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

Mubasher,

I'd suggest you post your question to the Identity Services Engine (ISE) community since this is general ISE feature and not a Developer/API software integration topic. The TMEs will be able to answer your questions there.

0 Helpful
Reply
Highlighted
musultan
Cisco Employee
Cisco Employee
‎01-19-2018 05:05 PM
‎01-19-2018 05:05 PM

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

Any reply on the above question?

0 Helpful
Reply
Highlighted
howon
Cisco Employee
Cisco Employee
‎01-19-2018 05:55 PM
‎01-19-2018 05:55 PM

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

ISE Internal CA is only for BYOD and manual provisioning via certificate portal currently. For roadmap request/questions, please reach out to the local Cisco Sales team so they can reach out to the PM.

View solution in original post

0 Helpful
Reply
Latest Contents
FMC
Created by MassB on 06-01-2020 03:47 AM
2
0
2
0
HIDoes anyone know if there is an easier way than the belowQ. I check connection events for IOC's when requested and sometimes i have to check many url's which i am presently doing one url at a time and is very time consuming, is there a way to check mult... view more
How to: Cisco Identity Services Engine TC-NAC Integration wi...
Created by pavagupt on 05-30-2020 02:05 AM
0
0
0
0
HI   Introduction             Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. Cisco ISE supports TC-NAC inte... view more
How to Integrate Cisco Identity Services Engine with IBM Maa...
Created by pavagupt on 05-29-2020 12:45 AM
0
10
0
10
HI   Introduction Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM vendor integration to help the customers to look for compliance of a dev... view more
AMP4E - Cisco Threat Response and ESA Integration
Created by bremarqu on 05-27-2020 09:16 AM
0
0
0
0
Hello, This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.   This is live on the portal:https://video.cisco.com/video/6159336218001   And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg   ... view more
Migrate from C170 to C190
Created by fhk_license on 05-26-2020 02:24 AM
3
0
3
0
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels