cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

404
Views
2
Helpful
3
Replies
Highlighted
Cisco Employee

ISE Internal CA SCEP support for Non-Anyconnect Client

Hi,

I have a customer looking to use the SCEP client on IGEL Linux thin clients.

1. Is ISE Internal CA (with SCEP) supported for Non-Anyconnect endpoints also ?

2. Same as above, Is ISE SCEP Proxy isupported for external SCEP clients?

Naman

Everyone's tags (2)
3 REPLIES 3
Highlighted
Cisco Employee

Re: ISE Internal CA SCEP support for Non-Anyconnect Client

The ISE internal certificate server scep was created for our BYOD flow to onboard Apple iOS/macOS windows and chrome native supplicants

It has nothing to do with the anyconnect agent and should not be used for anyconnect NAM onboarding

You can also utilize the internal CA with the certificate provisioning portal to create certs for those endpoints that can’t go through the BYOD flow either manually using the portal or through API

What you’re asking for is the Linux client to onboard its certificate and native supplicant through our BYOD scep process. This may work but has not been tested or documented on how you could get it to work without one of the supported clients.

I will research and update this thread

Highlighted
Cisco Employee

Re: ISE Internal CA SCEP support for Non-Anyconnect Client

Thanks.

Highlighted
Cisco Employee

Re: ISE Internal CA SCEP support for Non-Anyconnect Client

The SCEP service in ISE has only been tested with ASA. See ISE as SCEP server

You are welcome to try it with another SCEP client and report your results here.