05-02-2018 01:04 AM
Hi there, the customer has two separate sets of devices for which they want to implement certificate-based authentication via ISE. One is their users' mobile devices (BYOD scenario). The other is their IoT devices (yes, these devices are cert-ready). They want to use two different CAs (the AD CA for users' mobile devices and the ISE CA for IoT devices). Is this possible, and how is it done? Thanks. - William
05-02-2018 02:08 AM
Yes, it is possible.
First of all, you need to import the Root CA (issuer CA) into ISE (under the Trusted Certificate page).
You need to create two rules under policy, for the AD CA for users' mobile devices and for IoT devices.
ISE has several attributes to differentiate these two flows (e.g. the BYODRegistration flag for the BYOD flow, or Certificate (Issuer CA) attributes, device location or group ...)
Here is an example:
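Added example, not part of the original post and not ISE configuration: a small OpenSSL lab that models the approach in the answer above, trusting two roots and choosing the rule by the CA that validates the client certificate. The CA names, file names and the `classify` helper are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed lab: throwaway CAs stand in for the AD CA and the ISE internal CA.
set -euo pipefail
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

make_ca() {   # $1 = output prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}

issue() {     # $1 = issuing CA prefix, $2 = leaf prefix, $3 = leaf common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.pem" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 1 -out "$LAB/$2.pem" 2>/dev/null
}

# Pick the policy by the trusted root that validates the chain,
# not by the issuer name printed in the certificate.
classify() {  # $1 = client certificate (PEM)
  if openssl verify -CAfile "$LAB/adca.pem" "$1" >/dev/null 2>&1; then
    echo "BYOD"
  elif openssl verify -CAfile "$LAB/iseca.pem" "$1" >/dev/null 2>&1; then
    echo "IOT"
  else
    echo "DENY"
  fi
}

make_ca adca  "Example-AD-CA"       # hypothetical name for the AD CA
make_ca iseca "Example-ISE-CA"      # hypothetical name for the ISE CA
make_ca other "Example-AD-CA"       # untrusted CA reusing the AD CA's name
issue adca  phone  "user-phone"
issue iseca sensor "iot-sensor"
issue other rogue  "unknown-device"

for c in phone sensor rogue; do
  printf '%-7s %s -> %s\n' "$c" \
    "$(openssl x509 -noout -issuer -in "$LAB/$c.pem")" "$(classify "$LAB/$c.pem")"
done
```

The third certificate carries the same issuer name as the AD CA but does not chain to the trusted root, so it falls through to the default deny.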
05-02-2018 01:59 AM
Yes it is, look here: ISE Certificate Authority (CA)