cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1128
Views
0
Helpful
1
Replies

How to provision a certificate from ISE internal CA to Windows device using SCEP

cameronreeves
Level 1
Level 1

I have a challenge associated with how to deploy a machine based wireless profile to a shared Windows device to connect to a wireless network. Authentication for these types of devices is using a certificate (machine authentication is not possible due to the AD configuration and the associated trusts). Ultimately I am chasing whether windows native commands can be used to provision a certificate using the ISE SCEP URL. I am running ISE 2.1 with patch 2.

Whilst I have the client provisioning process within ISE functioning, this is only applicable to user specific devices where ISE will deploy a user profile to a device. If ISE could provision a machine based profile this issue would not exist.

I have existing batch files and processes available for provisioning a certificate from a Microsoft CA, but the interaction with the ISE SCEP process is where I am getting unstuck. Any assistance with how to provision a certificate from ISE' CA to a windows device would be appreciated.

The big issue here is the ability to connect a Windows (or Mac) device to a wireless network to facilitate user authentication to an Active Directory domain.

1 Accepted Solution

Accepted Solutions

Craig Hyps
Level 10
Level 10

ISE BYOD is limited to user profiles for Windows.

View solution in original post

1 Reply 1

Craig Hyps
Level 10
Level 10

ISE BYOD is limited to user profiles for Windows.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: