cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

730
Views
0
Helpful
1
Replies
cameronreeves
Beginner

How to provision a certificate from ISE internal CA to Windows device using SCEP

I have a challenge associated with how to deploy a machine based wireless profile to a shared Windows device to connect to a wireless network. Authentication for these types of devices is using a certificate (machine authentication is not possible due to the AD configuration and the associated trusts). Ultimately I am chasing whether windows native commands can be used to provision a certificate using the ISE SCEP URL. I am running ISE 2.1 with patch 2.

Whilst I have the client provisioning process within ISE functioning, this is only applicable to user specific devices where ISE will deploy a user profile to a device. If ISE could provision a machine based profile this issue would not exist.

I have existing batch files and processes available for provisioning a certificate from a Microsoft CA, but the interaction with the ISE SCEP process is where I am getting unstuck. Any assistance with how to provision a certificate from ISE' CA to a windows device would be appreciated.

The big issue here is the ability to connect a Windows (or Mac) device to a wireless network to facilitate user authentication to an Active Directory domain.

1 ACCEPTED SOLUTION

Accepted Solutions
Craig Hyps
Advocate

ISE BYOD is limited to user profiles for Windows.

View solution in original post

1 REPLY 1
Craig Hyps
Advocate

ISE BYOD is limited to user profiles for Windows.

View solution in original post

Content for Community-Ad