Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
926
Views
0
Helpful
5
Replies

Cisco ISE Reports

msporleder
Level 1
Level 1

‎02-08-2017 07:39 AM - edited ‎03-11-2019 12:26 AM

Hello everyone,

is there any possibility how to create a report in ISE (1.1.4.218 or 1.4.0.253) where I can display the the "Issuer - Common Name" of the client/user-certificate?

Thank you very much in advance!

Regards,
Manuel

-- Regards, Manuel
Labels:
0 Helpful
5 Replies 5

Gagandeep Singh
Cisco Employee
Cisco Employee

‎02-08-2017 10:24 AM

Could you please confirm the following :

1) Are you talking about CN to to be check during user authentication in ISE.

2) Looking for where endpoint-user certificate is present in ISE.

Regards

Gagan

0 Helpful

msporleder
Level 1
Level 1
In response to Gagandeep Singh

‎02-14-2017 05:54 AM

Hello Gagan,

sorry for replying so late.


I am talking about the Common Name of the issuer of a client-certificate.
Like: This client-certificate was issued by CA ??? .

Regards
Manuel

-- Regards, Manuel
0 Helpful

Gagandeep Singh
Cisco Employee
Cisco Employee
In response to msporleder

‎02-14-2017 08:23 AM

Yes, ISE has the capability to fetch just the CN of the certificate and take it to AD for checking the user authentication.

Also there is a binary comparison of certificate received from client and match it with certificate present in AD.

Administration > Identity > External identity store > Certificate authentication profile.

Hope it answers you query!!!!

Regards

Gagan

PS : rate if it helps!!!!!

0 Helpful

msporleder
Level 1
Level 1
In response to Gagandeep Singh

‎02-15-2017 01:13 AM

Hello Gagan,

I know that the ISE has all the informations. But I dont see any chance to create a custom report where I can filter for the CN of the client-certificate-issuer.

And this is what I would like to do.

Or to have a column in the live authentications where I can filter for that attribute.

What I did as a workaroung: I created many authorization-rules where I also ask for the attribute "CERTIFICATE:Issuer - Common Name" and then as the result I crated different authorization profiles (basically all with the same attribute details but with different names).

So now I can filter on the name of the authorization profiles...

But from my point of view this is not a good way to handle this.

Especially all the informations are in the systems database, only I can not create a report where I can ask for all attributes I'd like to.

Regards
Manuel

-- Regards, Manuel
0 Helpful

Gagandeep Singh
Cisco Employee
Cisco Employee
In response to msporleder

‎02-16-2017 07:09 PM

Hi Manuel,

I know there is no option in live reports for specific search on CN. However if you open any live authentication for AD authentication. You'll find CN resolved identities in report.

Let me know of any queries on this...

Regards

Gagan

PS : rate if it helps!!!!!

0 Helpful
Customers Also Viewed These Support Documents