
ISE On-Boarding process

thibaus
Level 1

I seem to have an issue with the SCEP server when it receives the certificate request from the ISE server and I can't seem to identify why this is happening. Here are the error messages I get on the CA:

Active Directory Certificate Services denied request 75 because The certificate has invalid policy. 0x800b0113 (-2146762477).  The request was for CN=a@b.com.  Additional information: Error Constructing or Publishing Certificate  Invalid Issuance Policies:  2.5.29.32.0

The Network Device Enrollment Service cannot submit the certificate request (The certificate has invalid policy.).  0x80004005

Any ideas?

Thanks

5 Replies

Marcin Latosiewicz
Cisco Employee

Have a look at the document published by Todd

http://www.cisco.com/en/US/products/ps11640/products_tech_note09186a0080bff108.shtml

It outlines the configuration needed on the SCEP CA to make it work with BYOD.

Ravi Singh
Level 7

Please go through the attached doc. It will help you in configuring BYOD with ISE.

Venkatesh Attuluri
Cisco Employee

Review this DOC for Configuring On-Boarding Using Identity Services Engine ISE

Gaj Anna
Level 1

Hi thibaus,

I was having the same issue. What CA hierarchy do you have? Did you manage to find the solution?

This error may be because the BYOD template is configured with the "all issuance policy" (OID = 2.5.29.32.0) and the CA server is unable to publish the certs using this template due to its policy restrictions. This should be workable once we enable all issuance policy in the CA server. Looking at how to do this in the CA.

Thx