03-18-2018 07:03 PM
Hi,
I have a cluster of 2 ISE v2.3 nodes. In my location we don't have an internal CA to generate the certificate that we can use for user authentication using EAP.
I was wondering if we can use the Root CA feature that ISE has in order to generate that certificate. I know that I can use the self-signed certificate that each server has, install those on every user computer, and EAP will work.
But what about when that certificate expires? Do I have to generate it again and then install it again on each computer?
That's why I was wondering if there is a way that I can "sign" that certificate with the internal root CA that ISE has and only install the "ISE CA Root Authority Certificate" on every computer, so they will trust any certificate that is generated by the primary node of ISE, just the same way that I must do it when I have a traditional Windows or Linux CA.
What do you suggest?
Thanks in advance.
03-19-2018 08:50 AM
The PSNs that issue certs are signed by the ISE root. During the BYOD/NSP flow, the client will be issued a cert and a signing cert. ISE has the capability to renew certs for clients where the cert is about to expire. If the signing cert is expired, then just having trust of the root CA is not enough. The cert chain must be trusted, and if the client or signing chain has an expiration or revocation, then simple trust of the root CA alone is not sufficient.
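The point made in the answer above (trusting only the root CA does not help once the signing certificate in the chain has expired) can be reproduced with openssl. This is an added example, not part of the original thread and not ISE's own tooling; the CA names, file names and the 30-day issuing-CA lifetime are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Constructed three-tier chain: root CA -> issuing CA -> client certificate.
# openssl stands in for the ISE internal CA; all subject names are hypothetical.

build_chain() {  # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA, valid 10 years: the only certificate installed on clients.
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
  # Issuing CA signed by the root, deliberately short-lived (30 days).
  openssl req -new -config "$1/ca.cnf" -subj "/CN=Example Issuing CA" \
    -newkey rsa:2048 -nodes -keyout "$1/sub.key" -out "$1/sub.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/sub.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 30 -extfile "$1/ca.cnf" -extensions v3_ca \
    -out "$1/sub.pem" 2>/dev/null || return 1
  # Client certificate signed by the issuing CA, valid 1 year.
  openssl req -new -config "$1/ca.cnf" -subj "/CN=client01" \
    -newkey rsa:2048 -nodes -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/sub.pem" -CAkey "$1/sub.key" \
    -CAcreateserial -days 365 -out "$1/leaf.pem" 2>/dev/null || return 1
}

# Validate the client cert as of a given time, trusting only the root.
verify_at() {  # $1 = working directory, $2 = epoch seconds
  openssl verify -attime "$2" -CAfile "$1/root.pem" \
    -untrusted "$1/sub.pem" "$1/leaf.pem" 2>&1
}

dir=$(mktemp -d) && build_chain "$dir" || exit 1
now=$(date +%s)
echo "today:    $(verify_at "$dir" "$now" | tail -n 1)"
echo "+60 days: $(verify_at "$dir" $((now + 60 * 86400)) | tail -n 1)"
```

At the later date the root and the client certificate are both still inside their validity periods; verification fails only because the issuing CA between them has expired.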