03-12-2015 10:22 AM - edited 03-10-2019 10:32 PM
EAP-TLS is using for machine authentication with Cisco ISE and 802.1X. The root certificate that signed the client certificates is about to expire. I understand we can just add the new root certificate in the trusted store of the ISE servers, but how to handle this on the client side. Our customer is using Windows 7 PC''s and the certificate used for authentication is stored in the personal computer store. Is it possible i.e. to have two client certificates in that store and if so how can it be determined which certificate will be used for the EAP-TLS session?
03-12-2015 11:10 PM
Yes, you can have 2 client certificates. While authenticating via EAP-TLS, user will be prompted to choose the user certificate.
Regards,
Jatin
03-12-2015 11:10 PM
how client determine which certificate will be used for the EAP-TLS session?
03-13-2015 04:54 AM
There will be small pop-up window on the screen, user needs to select the certificate manually at that time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide