Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
1
Helpful
4
Replies

Cisco ISE Certificate

patrickbyrne456305724
Level 1
Level 1

‎03-13-2023 04:12 AM

Hi all,

I have a query; currently we have ISE set up where end users get authenticated via certificate issued by a CA that will soon be defunct.

So I want to set up a few (Test) end-users to authenticate their Certificate from another CA authority, and once thats ok, then migrate all users to the new CA Certificate. Can someone guide me with correct steps in doing this. I have a fear that when I add in the new CA Cert then all exisitng end users may have a problem.?

All help much appreciated

Labels:
0 Helpful
4 Replies 4

patrickbyrne456305724
Level 1
Level 1

‎03-13-2023 04:32 AM

Hi all,

I have a query; currently we have ISE set up where end users get authenticated via certificate issued by a CA that will soon be defunct.

So I want to set up a few (Test) end-users to authenticate their Certificate from another CA authority, and once thats ok, then migrate all users to the new CA Certificate. Can someone guide me with correct steps in doing this. I have a fear that when I add in the new CA Cert then all exisitng end users may have a problem.?

All help much appreciated

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to patrickbyrne456305724

‎03-13-2023 06:05 AM

ISE should have new CA Certs, and Client need to have Root and end cert to be published to clients (for testing some users) - thorugh group policy or any other method you have.

Check below guide to configure new Certificate :

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

patrickbyrne456305724
Level 1
Level 1
In response to balaji.bandi

‎03-13-2023 07:02 AM

Hi there,

Our users will get their root and cert published to clients via Active Directory etc. So I am assuming I need to get new Root CA and install it into "Trusted Certs" section and that should be it???

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to patrickbyrne456305724

‎03-15-2023 07:23 PM

yes correct, you need to add the ISE Trust store and also clients should accept the same cert, you can do testing with test device by adding new cert before you going to do a mass deployment to all clients

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents