04-20-2017 02:51 AM
Would you provide insight on if and what ise uses for validating the client cert ? Is the contents of the sans fields checked by default ?
Specific questions below…
The client certificate generated from ISE certificate provisioning portal has mac address in Subject Alternative Name.
Questions: 1) Does ISE verify mac address from certificate during authentication process?
2) Is it obligatory? When I use externally generated certificate without mac address in SAN will authentication fail?
Solved! Go to Solution.
04-20-2017 07:33 AM
It's done during authorization. ISE has a built-in rule and condition (MAC_in_SAN) for it. As shown, it's disabled by default but lots of deployments like to use it as an additional check.
04-20-2017 07:33 AM
It's done during authorization. ISE has a built-in rule and condition (MAC_in_SAN) for it. As shown, it's disabled by default but lots of deployments like to use it as an additional check.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide