Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
569
Views
0
Helpful
2
Replies

ISE certificate differentiation

Go to solution
David Hatton
Level 1
Level 1

‎03-28-2014 12:12 PM - edited ‎03-10-2019 09:35 PM

Hello All,

I am trying to create different access policies for users in ISE based on which particular certificate a user may have.  Corporate owned devices will have a certificate from a local CA while non-owned devices will have a certificate from a public CA.  Is it possible to create a policy where a device with a local certificate will match policy A and a device with a public certificate will match policy B?  If so, how do I create these policies.  Thanks for any help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎03-29-2014 01:14 AM

Since you're using 2 different CA's it would be easy to determine the differentiating factor. In authz rule when you add a condition "select a new condition", you will see attributes under certificate to select and create 2 rules.

You may also refer the below listed link if needed.

BYOD-How-To-Certificates for Differentiated Access"
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod
_certificates.pdf

 

Regards,

Jatin katyal

*Do rate helpful posts*

~Jatin

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎03-29-2014 01:14 AM

Since you're using 2 different CA's it would be easy to determine the differentiating factor. In authz rule when you add a condition "select a new condition", you will see attributes under certificate to select and create 2 rules.

You may also refer the below listed link if needed.

BYOD-How-To-Certificates for Differentiated Access"
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod
_certificates.pdf

 

Regards,

Jatin katyal

*Do rate helpful posts*

~Jatin
0 Helpful

Go to solution
David Hatton
Level 1
Level 1
In response to Jatin Katyal

‎03-31-2014 07:00 PM

Thanks Jatin,

We are running v1.1 and the options to match against a certificate issuer are not available, but it was pointed out to me that they are available in v1.2.  We will upgrade and we should be able to create the authz policies that you mentioned.

0 Helpful
Top