01-16-2024 01:18 PM
Hi,
I would like to know where the AnyConnect ISE Posture Module looks for the certificate when it is communicating with the ISE PSN (Policy Server).
The ISE certificate is signed by the Corporate Root CA.
Do I need to import the Corporate Root Certificate into the Personal or Machine Store on the Windows 10 workstation?
Best Regards,
Daniel Stefani
01-16-2024 01:23 PM - edited 01-16-2024 01:28 PM
@Daniel Stefani import the root certificate of the Corporate Root CA into the machine Trusted Root Certificate Authority store on the computer to ensure trust with the ISE certificate.
If this is an Active Directory environment and the Corporate Root CA is MS AD CA, then it's likely the Windows GPO will have deployed the root CA to the domain-joined computers.
01-17-2024 04:28 AM
Thank you @Rob Ingram. Do you know if Cisco has some documentation explaining this?
In my scenario, the customer is enforcing ISE Posture for partners connecting by VPN. Partners must install the AC ISE Posture module. Some partners do not have admin privileges on their Windows machines, so they can't install the Root Certificate (corporate) in the Machine Store. In this case, we can work in two ways: the customer can provide a Public Certificate for the CP Portal, or third-party partners with no admin privileges need to ask their IT team to install the Corp Root Cert in the Machine Store.
Anyway, thank you for your help.
Best Regards,
Daniel Stefani
01-17-2024 05:09 AM
@Daniel Stefani OK, in that case they can install the corporate root certificate in the user Trusted Root Certificate Authority store if they don't have access to the machine certificate store. This will mean only that user has that root certificate installed, but at least that user will trust the certificate.
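
Added example (not part of the original posts, and not Cisco's own tooling): a PowerShell sketch of the two options discussed in this thread, which installs the corporate root into the machine Trusted Root store when the session is elevated and falls back to the user Trusted Root store otherwise. The file path and expected thumbprint are placeholders; the thumbprint is assumed to be supplied out of band by whoever operates the CA.

```powershell
# Added example: path and thumbprint are placeholders, not values from the thread.
param(
    [string]$RootCertPath = 'C:\Temp\corp-root-ca.cer',           # hypothetical file name
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-CA-OWNER>'    # obtained out of band
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootCertPath)

# Refuse to trust a file whose thumbprint does not match the value supplied out of band.
if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '').ToUpper()) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}
# A root CA certificate is self-signed, so subject and issuer must be identical.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a self-signed root: issuer is $($cert.Issuer)"
}

# Check the machine store first: the user's view of Root also shows machine-wide roots.
if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
    'Already trusted machine-wide (LocalMachine\Root).'
    return
}
if (Test-Path "Cert:\CurrentUser\Root\$($cert.Thumbprint)") {
    'Already trusted for this user only (CurrentUser\Root).'
    return
}

# Elevated session: machine store. Otherwise: user store, which needs no admin rights.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
$target = if ($isAdmin) { 'Cert:\LocalMachine\Root' } else { 'Cert:\CurrentUser\Root' }

# For CurrentUser\Root, Windows asks the user to confirm adding the new root.
Import-Certificate -FilePath $RootCertPath -CertStoreLocation $target | Out-Null
"Imported $($cert.Subject) into $target"
```

A root placed in `CurrentUser\Root` is trusted only for processes running as that user, which matches the limitation noted in the reply above.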