ISE Upgrade certiicates SHA2

malcolmpowell · ‎12-20-2017

I am planning a large ISE upgrade - 2.1 to 2.3. At the same time the desire is to move from SHA1 certificates on ISE to SHA2 certificates. The question is how will clients react and when to upgrade clients to SHA2 with 802.1x in place.

If a windows PC has both SHA1 and SHA2 certificates installed, which will it present to ISE via the windows supplicant? If ISE has a SHA2 certificate, can it still accept a SHA1 and will the client see any prompt?

Just getting ready to run this thru the lab - was wondering if anyone has been this path yet...

VijayKumarYellikanti5894 · ‎10-28-2019

Hi malcolmpowell,

I know this is an old thread, but just checking if you got a chance to test the scenario that you posted and wanted to see the outcome of it. because i am also planning to move from SHA1 to SHA2 on both ISE server and on all end users. As we dont have a test environment, trying to understand:

If a windows PC has both SHA1 and SHA2 certificates installed, which will it present to ISE via the windows supplicant? If ISE has a SHA2 certificate, can it still accept a SHA1 and will the client see any prompt?

Also, what if ISE has a SHA1 certificate on Server and clients has both SHA-1 and SHA-2?

Thanks in advance.

Thank you.