smano
Cisco Employee

Prevent Authentication for Certificate duplication

Hi folks,

We are working with a customer on an ISE POC, a standalone node running 2.3. Basically, the use case is: if the customer copies the certificate from their machine and installs it on a different machine, ISE needs to access-reject/prevent authentication for the new machine, or generate some kind of alert saying the certificate is duplicated or copied. Can we demo this test case?

Any help here?

1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee

The certificate provisioning done by ISE BYOD puts the endpoint's MAC address in the SAN of the certificate, so that we may use this pre-built policy rule, which has a condition MAC_in_SAN, to verify.

 

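The comparison behind a MAC-in-SAN check, sketched as an added example that is not part of the original post and is not ISE's own code. It assumes the SAN entries have already been extracted from the client certificate as strings and that the connecting endpoint's MAC arrives in the RADIUS Calling-Station-ID attribute; the function names and sample values are constructed.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(value):
    """Return a MAC as 12 lowercase hex digits, or None if value is not a MAC.

    Accepts the common notations: 00-11-22-AA-BB-CC, 00:11:22:aa:bb:cc,
    0011.22aa.bbcc and 001122aabbcc.
    """
    digits = re.sub(r"[-:.\s]", "", value.strip().lower())
    return digits if _HEX12.match(digits) else None


def mac_in_san(calling_station_id, san_values):
    """True only if the connecting endpoint's MAC is one of the SAN entries."""
    endpoint = normalize_mac(calling_station_id)
    if endpoint is None:
        return False  # no usable MAC in the request: fail closed
    return any(normalize_mac(v) == endpoint for v in san_values)


def authorize(calling_station_id, san_values):
    """Hypothetical policy decision: permit only when the MAC matches the SAN."""
    return "permit" if mac_in_san(calling_station_id, san_values) else "deny"


# Constructed sample data: SAN entries of a certificate provisioned for one endpoint.
PROVISIONED_SAN = ["00-11-22-AA-BB-CC"]

if __name__ == "__main__":
    # Same certificate presented by the endpoint it was issued to.
    print(authorize("00:11:22:aa:bb:cc", PROVISIONED_SAN))
    # Same certificate copied to a machine with a different MAC.
    print(authorize("00-11-22-DD-EE-FF", PROVISIONED_SAN))
    # Certificate whose SAN carries no MAC at all.
    print(authorize("00:11:22:aa:bb:cc", ["user@example.com"]))
```

A certificate whose SAN holds no MAC never matches, so certificates issued outside the BYOD provisioning flow need their own rule.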
