02-17-2017 02:25 AM - edited 03-11-2019 12:28 AM
Hi
Few question is if I use multiuse csr and get certificate from an external CA like godaddy,
Can I use it for eap authentication or it need from internal ca .
If I create csr for external CA ( multiuse ), Is it necessary to bind EAP or I can create a separate certificate for eap authentication from my internal CA
If I did not choose "Trust for client authentication and Syslog " while importing Root certificate and when Binding I choose EAP authentication
What will happen in that case ?
Thanks
02-17-2017 04:46 AM
Theoretically you could use a certificate from a public CA for EAP. Practically you will use your own CA.
The CA for the portals is a good candidate for public certificate to minimize certificate warnings. But with EAP you only have company managed clients which have your CA-certificate anyway. And you only want to trust the endpoint certificates of your company and not all that are issued by GoDaddy for example.
02-17-2017 05:21 AM
Hi,
Thanks for your reply .Basically this is to trust only organization owend devices ,That's why internal CA recommended .Correct me if I am wrong ?
And what is "Trust for client authentication and Syslog"
If I did not choose "Trust for client authentication and Syslog " while importing Root certificate and when Binding I choose EAP authentication what will happen .
And If i bind admin portal , EAP authentication with a certificate (multi use ) issued by public ca ,and later I want to put internal CA for EAP ,What is the procedure ?
Thanks
02-17-2017 05:39 AM
Best to start with reading the admin-guide chapter on certificates:
http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0111.html
Each certificate is bound to a specific function. This function has to be enabled to work with one of the certificates. As each function (like EAP) can only be served by one certificate, it has to be disabled on the old certificate when enabled on a different one.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide