Solved: ISE EAP Public certificate for system and Local PKI for Endpoint

SAM1275 · ‎02-19-2023

I want to Install public certificate for ISE. and Endpoint must use local PKI certificate for authentication.
is it possible?

SAM1275 · ‎02-20-2023

you are Awesome

View solution in original post

Rob Ingram · ‎02-20-2023

@SAM1275 yes, you can use public certificate for EAP on ISE. As long as ISE has the internal root CA installed in ISE, then the client computers can use a certificate issued by the local CA to authenticate using 802.1X.

Obviously the client computers will need to trusted the public certificate use by ISE, but most computers will have the public root certificates installed as default.

SAM1275 · ‎02-20-2023

Thanks for information.

Just 1 more information i would require.

do we require to host ISE on public network or without also possible?

Rob Ingram · ‎02-20-2023

@SAM1275 no ISE does not need to be hosted on a public network, ISE would be in your internal LAN.

SAM1275 · ‎02-20-2023

Then how will get public certificate installed on ISE System for EAP authentication?

Rob Ingram · ‎02-20-2023

@SAM1275 The CA would require a public registered domain name in order to sign the certiifcate, however ISE does not need to be hosted in the public network.

You create a certificate signing request (CSR) give this to the public CA to sign and import to ISE.

SAM1275 · ‎02-20-2023

you are Awesome

asam2175 · ‎04-13-2023

What should i fill in CN and SAN?
public domain, but in ise system ip domain configured with local domain name.