Solved: Re: Cisco ISE and user certificates

derekinglis · ‎12-06-2018

Hello,

Was just a quick query around ISE certificates... Is there any way possible where an ISE box can dictate what certificate the end users laptop will choose?

I have a customer where his laptop was successfully using the WiFi and the correct certificate, he was then disconnected and when reconnecting his laptop is chose a different certificate, a remote access one rather than the correct ECDSA one.

I have checked the laptop wireless settings and the ECDSA certificate has been ticked and I have also tried ticking the 'Do not prompt user to authorize new servers or trusted certification' box, but the laptop is still trying to use the remote access certificate.

I think it's the end users laptop or group policy that is causing the issue but they have asked if I could ask in the Cisco Community just incase

Many thanks for any advice!

Surendra · ‎12-06-2018

Straight answer : No. ISE cannot make the PC choose which certificate should be presented.

View solution in original post

Surendra · ‎12-06-2018

Straight answer : No. ISE cannot make the PC choose which certificate should be presented.

derekinglis · ‎12-06-2018

Hello,

That's what i expected, many thanks for the response!

derekinglis

paul · ‎12-06-2018

If this is a major issue you would probably have to change to AnyConnect NAM for the client supplicant which allows advanced certificate selection logic.