Prevent Authentication for Certificate duplication

smano
Cisco Employee

Hi Folks, 

 

We are working with a customer on an ISE POC, a standalone node running 2.3. Basically, the use case is: if the customer copies the certificate from their machine and installs it on a different machine, ISE should access-reject/prevent authentication for the new machine, or generate some kind of alert saying the certificate is duplicated or copied. Can we demo this test case?

 

Any help here. 

Accepted Solutions

hslai
Cisco Employee

The certificate provisioning done by ISE BYOD puts the endpoint's MAC address in the SAN of the certificate so that we may use this pre-built policy rule, which has a condition MAC_in_SAN, to verify.

 

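The MAC_in_SAN check described in the answer above, modeled as an added Python example (not Cisco's code and not part of the original post). It assumes the condition compares the RADIUS Calling-Station-ID with the certificate's SAN values; the function names and sample sessions are constructed for illustration.

```python
import re

# Accepted MAC notations: aa-bb-.. / aa:bb:.. (one separator throughout),
# aabb.ccdd.eeff, or 12 bare hex digits.
_MAC = re.compile(
    r"^[0-9a-f]{2}([-:])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$"
    r"|^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$"
    r"|^[0-9a-f]{12}$"
)

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    candidate = value.strip().lower()
    if not _MAC.match(candidate):
        return None
    return re.sub(r"[-:.]", "", candidate)

def mac_in_san(calling_station_id, san_values):
    """True only if the endpoint MAC equals a MAC carried in the certificate SAN."""
    endpoint = normalize_mac(calling_station_id)
    if endpoint is None:
        return False  # no usable MAC reported for the session: fail closed
    san_macs = {normalize_mac(v) for v in san_values} - {None}
    return endpoint in san_macs

def authorize(session):
    """Model of one authorization decision for a certificate-based session."""
    if mac_in_san(session["calling_station_id"], session["cert_san"]):
        return "PERMIT"
    return "DENY"  # certificate presented from a MAC it was not issued to

# Constructed sample sessions (hypothetical values, not real log data).
SESSIONS = [
    {"name": "original device",
     "calling_station_id": "00-11-22-AA-BB-CC", "cert_san": ["00:11:22:aa:bb:cc"]},
    {"name": "copied certificate",
     "calling_station_id": "00-11-22-DD-EE-FF", "cert_san": ["00:11:22:aa:bb:cc"]},
    {"name": "certificate without MAC in SAN",
     "calling_station_id": "00-11-22-AA-BB-CC", "cert_san": ["user@example.com"]},
]

def evaluate(sessions):
    """Map each session name to its PERMIT/DENY result."""
    return {s["name"]: authorize(s) for s in sessions}

if __name__ == "__main__":
    for name, result in evaluate(SESSIONS).items():
        print(f"{name}: {result}")
```

The comparison is only as reliable as the Calling-Station-ID the network device reports for the session.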
