04-26-2013 04:46 AM - edited 03-10-2019 08:21 PM
First of all, I've to say that I'm totally new at the certificates' world.
My customer has a wireless network working properly, with supplicants using certificates and authenticating against a Juniper RADIUS server. Now we need to replace the Juniper devices by two Cisco ISE. He has provided me the CA certificates that I've installed on the CA Certificates store on every ISE server. What else do I need for the supplicants to continue working with the new ISE (with no changes at the supplicant level)?
I suppose I need a Local Certificate for each ISE server, signed by the same CA as the supplicants, isn't it? So I've to generate a CSR from each ISE and send it to the CA to sign them, isn't it?
I suppose I need to create a Certificate Authentication Profile, isn't it?
Do I've to do something else?
Thanks,
04-26-2013 08:29 AM
One thing I would also make sure that EAP-TLS/EAP-FAST is ticked in allowed protocols.
Policy->Results -> Authentication -> Allowed Protocols -> Pick your policy
04-27-2013 02:40 AM
Please review the below link which might help you.
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_client_prov.pdf
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.ht
04-27-2013 05:52 AM
Yes your understanding with this issue is correct. Y
You need to generate CSR from the ISE. A CSR and its private key are generated and stored in Cisco ISE. You can view this CSR in the Certificate Signing Requests page. You can export the CSR and send it to a CA to obtain a signature. http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_cert.html#wp1077292
After your CSR is signed by a SAME CA and returned to you, use this process to bind the CA-signed certificate with its private key. http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_cert.html#wp1103485
Let me know if you have any question.
Jatin Katyal
- Do rate helpful posts -
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide