01-23-2019 07:05 PM
Hello, a general question please regarding BYOD onboarding: when users first connect to the initial unsecure onboarding SSID, their BYOD devices will not trust the ISE certificate due to it having been issued by our local CA. Understandable.
Therefore, is it best to purchase a publicly signed certificate, bind that to one of our company's public IP addresses, and NAT that through to ISE? That way the BYOD user devices will initially connect to a public IP with a trusted cert and no trust errors.
Or is it OK to tell users that they should just accept the initial onboarding certificate trust error they will receive?
What do you guys do?
Thanks kindly for any advice.
01-23-2019 10:05 PM
01-23-2019 10:29 PM
You can use an external CA to issue BYOD certificates using SCEP, explained here: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-product-00.html
Or use the ISE internal CA for BYOD provisioning.
Thanks,
Nidhi
01-24-2019 11:19 AM