cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1117
Views
2
Helpful
3
Replies

ISE Internal CA SCEP support for Non-Anyconnect Client

mulatif
Cisco Employee
Cisco Employee

Hi,

I have a customer looking to use the SCEP client on IGEL Linux thin clients.

1. Is ISE Internal CA (with SCEP) supported for Non-Anyconnect endpoints also ?

2. Same as above, Is ISE SCEP Proxy isupported for external SCEP clients?

Naman

3 Replies 3

Jason Kunst
Cisco Employee
Cisco Employee

The ISE internal certificate server scep was created for our BYOD flow to onboard Apple iOS/macOS windows and chrome native supplicants

It has nothing to do with the anyconnect agent and should not be used for anyconnect NAM onboarding

You can also utilize the internal CA with the certificate provisioning portal to create certs for those endpoints that can’t go through the BYOD flow either manually using the portal or through API

What you’re asking for is the Linux client to onboard its certificate and native supplicant through our BYOD scep process. This may work but has not been tested or documented on how you could get it to work without one of the supported clients.

I will research and update this thread

Thanks.

hslai
Cisco Employee
Cisco Employee

The SCEP service in ISE has only been tested with ASA. See ISE as SCEP server

You are welcome to try it with another SCEP client and report your results here.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: