Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
461
Views
0
Helpful
3
Replies

Renewing a root certificate on Cisco ISE

mohanak
Cisco Employee
Cisco Employee

‎03-12-2015 10:22 AM - edited ‎03-10-2019 10:32 PM

EAP-TLS is using for machine authentication with Cisco ISE and 802.1X. The root certificate that signed the client certificates is about to expire. I understand we can just add the new root certificate in the trusted store of the ISE servers, but how to handle this on the client side. Our customer is using Windows 7 PC''s and the certificate used for authentication is stored in the personal computer store. Is it possible i.e. to have two client certificates in that store and if so how can it be determined which certificate will be used for the EAP-TLS session?

Labels:
0 Helpful
3 Replies 3

Jatin Katyal
Cisco Employee
Cisco Employee

‎03-12-2015 11:10 PM

Yes, you can have 2 client certificates. While authenticating via EAP-TLS, user will be prompted to choose the user certificate.

Regards,

Jatin

~Jatin
0 Helpful

mohanak
Cisco Employee
Cisco Employee
In response to Jatin Katyal

‎03-12-2015 11:10 PM

how client determine which certificate will be used for the EAP-TLS session?

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to mohanak

‎03-13-2015 04:54 AM

There will be small pop-up window on the screen, user needs to select the certificate manually at that time.

~Jatin
0 Helpful
Customers Also Viewed These Support Documents