Cisco Employee

ISE Authentication Certificate Audit

My customer is looking to perform an audit on which certificates are being used by which endpoint for authentication. They are trying to deprecate an old certificate and would like to understand which devices are still actively using it for authentication. They are using an external CA and not using ISE as a CA.  Is there a way of capturing that data in a report? If not, can we raise it as a feature request?

Accepted Solutions
Cisco Employee

Re: ISE Authentication Certificate Audit

AFAIK we have no summary reports on such.

In auth detail reports, there is a field TLSCipher; e.g.

TLSCipher: ECDHE-RSA-AES256-SHA

If that is what the customer can use for this, then either get it from individual auth detail reports or use a remote syslog target to capture it.

If you would like it as an enhancement, please contact our product management team.

Cisco Employee

Re: ISE Authentication Certificate Audit

Would you be able to tell me how I would extract the information via Syslog?

Cisco Employee

Re: ISE Authentication Certificate Audit

  1. Define a remote syslog target
  2. Enable auth success to (1)
  3. Test

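One way to tally the captured auth-success syslog by TLSCipher per endpoint, as an added example that is not part of the original thread and not Cisco's code. The message layout (comma-separated key=value attributes with backslash-escaped commas), the CISE_Passed_Authentications tag, and the Calling-Station-ID and UserName keys are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines, not real ISE output. Assumed layout: syslog header,
# then comma-separated key=value attributes. Only TLSCipher comes from the thread.
SAMPLE_LINES = [
    "<181>Jan 10 09:15:02 ise01 CISE_Passed_Authentications 0000000101 1 0 5200 NOTICE "
    "Passed-Auth: Authentication succeeded, UserName=host-a, "
    "Calling-Station-ID=00-11-22-33-44-55, TLSCipher=ECDHE-RSA-AES256-SHA",
    "<181>Jan 10 09:16:40 ise01 CISE_Passed_Authentications 0000000102 1 0 5200 NOTICE "
    "Passed-Auth: Authentication succeeded, UserName=host-b, "
    "Calling-Station-ID=00-11-22-33-44-66, TLSCipher=ECDHE-RSA-AES128-GCM-SHA256",
    "<181>Jan 10 09:17:11 ise01 CISE_Passed_Authentications 0000000103 1 0 5200 NOTICE "
    "Passed-Auth: Authentication succeeded, UserName=CN=host-c\\,OU=lab, "
    "Calling-Station-ID=00-11-22-33-44-77, TLSCipher=ECDHE-RSA-AES256-SHA",
    # Non-TLS authentication: no TLSCipher attribute at all.
    "<181>Jan 10 09:18:29 ise01 CISE_Passed_Authentications 0000000104 1 0 5200 NOTICE "
    "Passed-Auth: Authentication succeeded, UserName=printer, "
    "Calling-Station-ID=00-11-22-33-44-88",
    # Different category; ignored by the audit.
    "<181>Jan 10 09:19:00 ise01 CISE_Failed_Attempts 0000000105 1 0 5400 NOTICE "
    "Failed-Attempt: Authentication failed, Calling-Station-ID=00-11-22-33-44-99",
]

def parse_attrs(line):
    """Split on commas not escaped with a backslash, then on the first '='."""
    attrs = {}
    for part in re.split(r"(?<!\\),\s*", line):
        key, sep, value = part.partition("=")
        if sep:
            attrs[key.strip()] = value.replace("\\,", ",").strip()
    return attrs

def audit(lines, field="TLSCipher", endpoint_key="Calling-Station-ID",
          category="CISE_Passed_Authentications"):
    """Map each value of `field` to the sorted endpoints that used it."""
    seen = defaultdict(set)
    for line in lines:
        if category not in line:
            continue
        attrs = parse_attrs(line)
        endpoint = attrs.get(endpoint_key, "<unknown endpoint>")
        seen[attrs.get(field, "<field absent>")].add(endpoint)
    return {value: sorted(endpoints) for value, endpoints in seen.items()}

if __name__ == "__main__":
    for value, endpoints in sorted(audit(SAMPLE_LINES).items()):
        print(f"{value}: {', '.join(endpoints)}")
```

Pass a different `field` to group by any other attribute that appears in your own captured messages.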

Cisco Employee

Re: ISE Authentication Certificate Audit

That is awesome, thank you so much!!