
Using Cisco ISE Internal CA to issue function-based certificates to other ISE nodes

CCIEBret13
Beginner

Current State:

2x Admin Nodes

2x Monitoring and Logging Nodes.

2x Policy Nodes (Clustered)

Environment is running using self-signed certificates (copied from all nodes to all other nodes).

Future State:

I want to replace the self-signed certificates with certificates generated from the Cisco ISE CA.  I want to split out the functionality of these certificates into separate certs for Admin/pxGrid/etc.  I also want to use the Cisco ISE CA as my internal CA for device management of other systems (routers/switches/firewalls/servers).  We do not have a MS CA that we can use.

What I've done so far:

1.  Generated CSRs for all Servers/functions.

2.  Created a Certificate Provisioning Portal.

Issues:

It appears that the Certificate Provisioning Portal is geared more towards user-based certificate generation.  The templates don't allow me to create a template for FQDN or anything server related.  Is there a different portal (URL) that I need to be using to generate server certificates?

1 Reply

CCIEBret13
Beginner

It also states that Super-Admins can log into the portal, which is also not working for me. I have the Portal set up to authenticate ALL users.
