cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

426
Views
5
Helpful
1
Replies
Highlighted
Cisco Employee

ISE Certificate Revocation List (CRL) license requirement

Does CRL validation require a specific license type in ISE? Thanks. 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

All certificate operations are considered part of the basic AAA authentication / authorization capabilities in the Base license. Authenticating users and endpoints with certs and checking SCEP/CRL validation is included.

Where it probably gets confusing is with BYOD because the BYOD process typically involves provisioning certificates. Provisioning a certificate for BYOD does not actually trigger the 2.x Plus license - it is the use of the EndPoints.BYODRegistration attribute or the RegisteredDevices:* endpoint groups in an authorization rule that will consume Plus licenses.

 

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

All certificate operations are considered part of the basic AAA authentication / authorization capabilities in the Base license. Authenticating users and endpoints with certs and checking SCEP/CRL validation is included.

Where it probably gets confusing is with BYOD because the BYOD process typically involves provisioning certificates. Provisioning a certificate for BYOD does not actually trigger the 2.x Plus license - it is the use of the EndPoints.BYODRegistration attribute or the RegisteredDevices:* endpoint groups in an authorization rule that will consume Plus licenses.

 

View solution in original post

Content for Community-Ad