cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3694
Views
5
Helpful
8
Replies

Revoke an endpoint certificate with ISE 2.3

Guillaume Roche
Level 1
Level 1

Hi,

i have an ISE 2.3 and i want to revoke an endpoint certificate.

In the documentation : https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23.pdf

We can read :

"Choose Administration > System > CA Service > Endpoint Certificates"

But this menu does not exist in ISE 2.3, this documentation was for ISE 2.0.

Someone can help me please ?

Best regards,

Guillaume

8 Replies 8

Rahul Govindan
VIP Alumni
VIP Alumni

Should be under "Administration > Certificates >Endpoint certificates" 

 

certs-ise.PNG

 

Please raise a documentation feedback on the Cisco page so that they can correct any doc errors.

 I don't have this menu... how is that possible ?

 

CaptureISE.PNG

Do you have the Plus licenses on the ISE deployment? I believe BYOD and the build-in CA are a part of that license feature so the menu may be missing if you don't have that license.

Another thing to check is if you have "Super Admin" login rights. If you have role based access based on custom menu and data items, there might be a setting to not allow access to this menu.

BTW: I took the screenshot from my 2.1 deployment in error, but the screen should be the same on 2.3 also.

To revoke a certificate i need a plus license ?

I have just a base license but i think it's enough to do 802.X with certificates ...

Thanks,

If you using the ISE as a certificate authority and issuing certificates to end users, this is part of the PLUS license feature set. This is in the latest ordering guide:

https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

Device registration (My Devices portal) and provisioning for Bring Your Own
Device (BYOD) with built-in Certificate Authority (CA)

If you use your MS PKI environment to issue client certificates, you do not need to have the Plus licenses as the ISE only does the 802.1x authentication bit.

What CA did you use to issue certificates to users?

The strange thing is i can generate certificate with the ISE CA and the portal...

But i think i configure the portal when the "plus" license was in demo so the portal is still here and i can continue generating certificate ... but i can't revoke it.

Did you ever get a resolution to this...I am not able to revoke Certificates either.

 

Thanks,

 

Joe