cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2039
Views
5
Helpful
2
Replies

ISE PEAP or EAP-TLS Authentication with ISE Generated Self-Signed Cert

laurathaqi
Level 3
Level 3

Dear community, 

 

Is there an option on using a ISE Self Signed Certificate, when doing PEAP or EAP-TLS Authentication and Authorization? 

 

What am looking for is generating a Self-Signed cert in ISE Portal, and use that Certificate in computers and users, for them to authenticate and authorize against ISE.  

 

This, due the client has an Active Directory but does not have a Certificate Authority under control. And its making us impossible to use the Root Certificate from the Enterprise CA. 

 

Looking forward to hear your thoughts and recommendations! 

 

Thank you,

Laura 

1 Accepted Solution

Accepted Solutions

Hi @laurathaqi you could use a self-signed root certificate, just install that in the trusted certificate authority of the computers and use PEAP/MSCHAPv2.

 

You could get the ISE EAP certificate signed by a public CA, which most devices will automatically trust, therefore you'd not need to distribute the ISE root CA certificate to the computers.

 

Alternatively you could use the ISE Internal CA to issue user/computer certificates, but that's only recommended for BYOD scenarios.

View solution in original post

2 Replies 2

Hi @laurathaqi you could use a self-signed root certificate, just install that in the trusted certificate authority of the computers and use PEAP/MSCHAPv2.

 

You could get the ISE EAP certificate signed by a public CA, which most devices will automatically trust, therefore you'd not need to distribute the ISE root CA certificate to the computers.

 

Alternatively you could use the ISE Internal CA to issue user/computer certificates, but that's only recommended for BYOD scenarios.

Hi @Rob Ingram 

 

Thank you for the Much valuable information shared with my. Just what I was looking to hear from this great community. 

 

 

Best wishes,

Laura