Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2872
Views
5
Helpful
1
Replies

ISE Certificate Revocation List (CRL) license requirement

Go to solution
ggeihsle
Cisco Employee
Cisco Employee

‎09-25-2020 06:44 AM

Does CRL validation require a specific license type in ISE? Thanks. 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎09-25-2020 08:21 AM

All certificate operations are considered part of the basic AAA authentication / authorization capabilities in the Base license. Authenticating users and endpoints with certs and checking SCEP/CRL validation is included.

Where it probably gets confusing is with BYOD because the BYOD process typically involves provisioning certificates. Provisioning a certificate for BYOD does not actually trigger the 2.x Plus license - it is the use of the EndPoints.BYODRegistration attribute or the RegisteredDevices:* endpoint groups in an authorization rule that will consume Plus licenses.

 

View solution in original post

1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎09-25-2020 08:21 AM

All certificate operations are considered part of the basic AAA authentication / authorization capabilities in the Base license. Authenticating users and endpoints with certs and checking SCEP/CRL validation is included.

Where it probably gets confusing is with BYOD because the BYOD process typically involves provisioning certificates. Provisioning a certificate for BYOD does not actually trigger the 2.x Plus license - it is the use of the EndPoints.BYODRegistration attribute or the RegisteredDevices:* endpoint groups in an authorization rule that will consume Plus licenses.

 

Customers Also Viewed These Support Documents