Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
156
Views
0
Helpful
1
Replies

Using Cisco ISE Internal CA to issue function based certificates to other ISE nodes.

CCIEBret13
Beginner
Beginner

‎01-22-2016 09:24 AM - edited ‎03-10-2019 11:25 PM

Current State:

2x Admin Nodes

2x Monitoring and Logging Nodes.

2x Policy Nodes (Clustered)

Environment is running using self-signed certificates (copied from all nodes to all other nodes).

Future State:

I want to replace the self-signed certificates with certificates generated from the Cisco ISE CA.  I want to split out the functionality of these certificates into separate certs for Admin/pxGrid/etc.  I also want to use the Cisco ISE CA as my internal CA for device management of other systems (routers/switches/firewalls/servers).  We do not have a MS CA that we can use.

What I've done so far:

1.  Generated CSRs for all Servers/functions.

2.  Created a Certificate Provisioning Portal.

Issues:

It appears that the Certificate Provisioning Portal is geared more towards user-based certificate generation.  The templates don't allow me to create a template for FQDN or anything server related.  Is there a different portal (URL) that I need to be using to generate server certificates?

Labels:
0 Helpful
1 Reply 1

CCIEBret13
Beginner
Beginner

‎01-22-2016 09:26 AM

It also states that Super-Admins can log into the portal, which is also not working for me.  I have the Portal setup to authenticate ALL users.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents