09-30-2019 07:20 AM
Hi,
Is there a way in ISE that I can create an authorisation policy using Machine certificate? I have been trying ways to differentiate a machine cert with a user cert but as of now I have not seen a clear document on how to do so.
Thanks in advance
Jayson
Solved! Go to Solution.
09-30-2019 07:28 AM
09-30-2019 08:05 AM
Two thing here
First you can just do an AD check in the authorization phase to say:
Second if you didn't want to do an AD check you could look at the SAN field in the certificate. The SAN field, which should be the correct location for user identity, will be different for computers and users. The computers will typically have DNS name in the SAN field while users will have Principal Name or Email. So you could have something like:
The first should be a computer and the second should be a user.
09-30-2019 07:28 AM
09-30-2019 08:05 AM
Two thing here
First you can just do an AD check in the authorization phase to say:
Second if you didn't want to do an AD check you could look at the SAN field in the certificate. The SAN field, which should be the correct location for user identity, will be different for computers and users. The computers will typically have DNS name in the SAN field while users will have Principal Name or Email. So you could have something like:
The first should be a computer and the second should be a user.
10-01-2019 06:57 AM
Hi Mike,
Thanks for the reply, I was able to do this and nested a few fields in the certificate which helped us get to where we think we need to be.
Regards,
Jayson
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide