
ISE internal CA management

rovargas
Cisco Employee

Is there any way to access/manage the ISE CA issued certificates via API/CLI? API seems to support just managing the Certificate template, but not the issued certificates.

Also, when ISE CA issues a certificate, is there any way to get a notification to an admin before the issued certificate expires?

Thanks in advance

Accepted Solutions

hslai
Cisco Employee

End Point Certificates API is there to create/issue certificates.

No notification to an admin before the issued certificates expire. However, we may redirect the sessions to a guest portal to go through BYOD again when the certificates are close to expiring.


Please see the alarm section on Certificate expiration and endpoint certificate expiry for details.

You can configure Alarms in ISE to send a notification (Administration > System > Settings > Alarm Settings): edit the alarm, then go to alarm configuration or alarm notification to send an email/syslog notification when these are generated.

Those are the only options available in ISE. As Hsing pointed out, I don't think you have notifications before endpoint certificate expiry; however, for general deployment certificate expiration we have options.

In your authorization policy, you can also create authorization conditions with Days to expiry and redirect to a portal.

-Krishnan