Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

Nicholas Copeland

ISE Certificate Authentication Without a CA

I have a unique situation where I am trying to authenticate via certificates in an enviroment without a CA. I have a wildcard cert from a third party that I can place on the devices. I added the thrid party root CA in the local store on ISE but I am still using the self-signed cert from ISE in my local certs for EAP authentication. Is there a way to use a wildcard cert for device authentication or is there a way to export a cert from ISE that can be loaded on the end device fro authentication. Any help would be greatly appreciated.

Nicholas Copeland

On a side note when I use a wildcard cert I get an error that no private key is found when trying to authentictae to the ISE appliance.


Thanks Vikas.

I have since found the answer I was looking for. I talked with some of the guys in the BU and basically wildcard certs aren't supported on the end devices which make sense since it kind of eliminates the security aspect of certificate authentication.

The guides you sent still require the use of an actual CA or SCEP server in order to get the certificates to the clients.

In short I came up with a different solution that didn't use certificates.

Coming in a little late on this but my question was going to be: "What exactly is the end goal" For instance, were you looking to use EAP-TLS and if so then without a CA then you would probably need to look to something else. For instance, PEAP. However, I see that you have resolved your own issue which is great! Do you care to share with the rest of us what your solution was?

Recognize Your Peers
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (35%)

Content for Community-Ad

ISE Webinars

Did you miss a previous ISE webinar?

CiscoISE YouTube Channel