cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

749
Views
0
Helpful
3
Replies
Highlighted
Cisco Employee

Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

Can we use the  ISE 2.0: Certificate Provisioning Portal and act as the SCEP server for the Cisco IP phones like 8821?

ISE 2.0: Certificate Provisioning Portal - Cisco

I can see that 8821 IP phones can be setup for the SCEP server.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8821/english/adminguide/w88x_b_wireless-8821-8821ex-admin-guide/w88x_b_wireless-8821-8821ex-admin-guide_chapter_011.html#reference_7AA746980735854B1FB96BCE1D7AD1E1

+++++++++++++++++++++++

See the below

+++++++++++++++++++++++

Configure the SCEP Product Specific Configuration Parameters

You must configure the following SCEP parameters on your phone web page

  • RA IP address
  • SHA-1 or SHA-256 fingerprint of the root CA certificate for the SCEP server

The Cisco IOS Registration Authority (RA) serves as a proxy to the SCEP server. The SCEP client on the phone use the parameters that are downloaded from Cisco Unified Communication Manager. After you configure the parameters, the phone sends aSCEP getcsrequest to the RA and the root CA certificate is validated using the defined fingerprint.

  Procedure


Step 1  From the Cisco Unified Communications Manager Administration, select Device > Phone.
Step 2  Locate the phone.
Step 3  Scroll to the Product Specific Configuration Layout area.
Step 4  Check the WLAN SCEP Server check box to activate the SCEP parameter.
Step 5  Check the WLAN Root CA Fingerprint (SHA256 or SHA1) check box to activate the SCEP QED parameter.

+++++++++++++++++++++++

i do see the following ENH request;

CSCve71881   ENH: ISE2.0 (no BYOD) to provision SCEP client in ip phone like 8821


Do we have any road-map for this?

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

ISE Internal CA is only for BYOD and manual provisioning via certificate portal currently. For roadmap request/questions, please reach out to the local Cisco Sales team so they can reach out to the PM.

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

Mubasher,

I'd suggest you post your question to the Identity Services Engine (ISE) community since this is general ISE feature and not a Developer/API software integration topic. The TMEs will be able to answer your questions there.

Highlighted
Cisco Employee

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

Any reply on the above question?

Highlighted
Cisco Employee

Re: Can ISE 2.x be act as the SCEP server for the Cisco IP phones like 8821?

ISE Internal CA is only for BYOD and manual provisioning via certificate portal currently. For roadmap request/questions, please reach out to the local Cisco Sales team so they can reach out to the PM.

View solution in original post