Solved: Re: ISE PEAP or EAP-TLS Authentication with ISE Generated Self-Signed

laurathaqi · ‎03-22-2022

Dear community,

Is there an option on using a ISE Self Signed Certificate, when doing PEAP or EAP-TLS Authentication and Authorization?

What am looking for is generating a Self-Signed cert in ISE Portal, and use that Certificate in computers and users, for them to authenticate and authorize against ISE.

This, due the client has an Active Directory but does not have a Certificate Authority under control. And its making us impossible to use the Root Certificate from the Enterprise CA.

Looking forward to hear your thoughts and recommendations!

Thank you,

Laura

Rob Ingram · ‎03-22-2022

Hi @laurathaqi you could use a self-signed root certificate, just install that in the trusted certificate authority of the computers and use PEAP/MSCHAPv2.

You could get the ISE EAP certificate signed by a public CA, which most devices will automatically trust, therefore you'd not need to distribute the ISE root CA certificate to the computers.

Alternatively you could use the ISE Internal CA to issue user/computer certificates, but that's only recommended for BYOD scenarios.

View solution in original post

Rob Ingram · ‎03-22-2022

Hi @laurathaqi you could use a self-signed root certificate, just install that in the trusted certificate authority of the computers and use PEAP/MSCHAPv2.

You could get the ISE EAP certificate signed by a public CA, which most devices will automatically trust, therefore you'd not need to distribute the ISE root CA certificate to the computers.

Alternatively you could use the ISE Internal CA to issue user/computer certificates, but that's only recommended for BYOD scenarios.

laurathaqi · ‎03-22-2022

Hi @Rob Ingram

Thank you for the Much valuable information shared with my. Just what I was looking to hear from this great community.

Best wishes,

Laura

ISE PEAP or EAP-TLS Authentication with ISE Generated Self-Signed Cert