04-29-2020 08:53 AM
We currently use ISE for certificate based access to wireless SSID and EAP uses internal CA cert for that.
We also have setup Eduroam and allowed protocol uses PEAP>ms-chapv2.
On connection certificate that gets presented to the device is of internal CA. How can I change it to a Pubic CA.
If that is possible at all what would be the import type for cert as only one EAP certificate can be there on ISE.
04-29-2020 10:23 AM
hope below guide should help you :
04-29-2020 03:27 PM
ISE only supports a single EAP Server certificate - when you import/generate a new one, then it will overwrite the existing one. Technically it is possible for a RADIUS server to have more than one EAP certificate, and to present the appropriate certificate depending on the service/use-case - other vendors support this.
05-01-2020 09:58 PM
You and Arne Bier are both correct that each ISE node may have only one system certificate designated as the EAP server certificate. Please keep in mind (1) that ISE may trust multiple CA chains for EAP authentication and so do the peer (client) and (2) that the certificates of the EAP server and the EAP peer (client) need not signed by the same CA chain.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide