07-16-2024 05:44 AM
Hello,
I need to issue computer certificates to be used for EAP-FAST machine authentication but unfortunately site has issues with MS CA so I'm wondering if I can use ISE internal CA to do the same task ? I know there is certificate provisioning portal but it seems it issue user certificates only.
Regards,
Mahmoud
07-16-2024 07:14 AM
Why EAP-FAST? Why not TEAP? Why use Cisco Secure Client NAM at all? The ISE internal CA is only designed for BYOD use-cases. It should not be used for an enterprise CA. I would focus efforts on fixing the issues with MS Active Directory Certificate Services.
07-16-2024 11:16 PM
I think i managed to do it for a difficult customer a while back but as mentioned earlier by other poster, it is not designed nor recommended. there is no option to renew a cert etc... best to use a MS internal CA that is what majority of customer use especially if you have a windows machines or use a MDM/intune..
07-17-2024 08:06 AM - edited 07-17-2024 08:06 AM
Possible - yes. Recommended - definitely not. As others mentioned already, it's not what the ISE CA is designed to do.
It's MUCH easier to just build a new Windows CA and issue certificates from it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide