cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
725
Views
2
Helpful
4
Replies

ISE Authentication Certificate Audit

jcresdee
Cisco Employee
Cisco Employee

My customer is looking to perform an audit on which certificates are being used by which endpoint for authentication. They are trying to deprecate an old certificate and would like to understand which devices are still actively using it for authentication. They are using an external CA and not using ISE as a CA.  Is there a way of capturing that data in a report? If not, can we raise it as a feature request?

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

AFAIK we have no summary reports on such.

In auth detail reports, there is field TLSCipher; e.g.

TLSCipherECDHE-RSA-AES256-SHA

If that is what the customer can use for this, then either get it from individual auth detail reports or use a remote syslog target to capture it.

If you would like it as an enhancement, please contact our product management team.

View solution in original post

4 Replies 4

hslai
Cisco Employee
Cisco Employee

AFAIK we have no summary reports on such.

In auth detail reports, there is field TLSCipher; e.g.

TLSCipherECDHE-RSA-AES256-SHA

If that is what the customer can use for this, then either get it from individual auth detail reports or use a remote syslog target to capture it.

If you would like it as an enhancement, please contact our product management team.

Would you be able to tell me how I would extract the information via Syslog?

  1. Define a remote syslog target
  2. Enable auth success to (1)
  3. Test

Video Link : 17053

That is awesome, thank you so much!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: