Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
162
Views
0
Helpful
1
Replies

In Cisco ISE, EAP-TLS which certificate will be install in client ?

palani2010
Level 1
Level 1

‎04-24-2025 09:35 PM

In Cisco ISE, EAP-TLS which certificate will be install in client ?

Is it system certificate or trusted certificate ?

0 Helpful
1 Reply 1

Arne Bier
VIP
VIP

‎04-28-2025 02:35 PM

In a well designed solution, you would install the CA certificate "chain" in the client's Trust Store - this includes, the Root CA and any sub-ordinate CA's that were involved in signing the ISE System Certificate.

In a well thought out system, you would have a Root CA, and at least two Issuing CA's under the Root CA. The Issuing CA's are the ones that issues the certificates to endpoints. In most organisations, the same PKI that signs the client certs is also used to sign the ISE System certs. But it's not the only way to do it. In some organisations that use ISE BYOD with a single SSID solution, the only choice is to use a public signed cert for ISE EAP System Cert. And in that case, the clients will already have most (if not all) the world's CA certs installed in the operating system's CA trust store.

0 Helpful
Customers Also Viewed These Support Documents