03-20-2019 09:06 AM
We currently use Wireless AP-WLC-Cisco ACS/Windows AD model to authenticate corporate wireless users/devices through WLAN. We are planning to retire ACS and replace it with ISE 2.4.
During the preliminary test, we found the end devices are prompted to TRUST the new certs from ISE.
Since we have thousands of end users/devices, is there any way to NOT prompt the users (i.e. make the ACS-to-ISE transition transparent to users, without end users getting interrupted or confused)?
Another puzzling issue: when I used the iPhone (iOS 12.1.4) to test the new AP-WLC-ISE setting, I was prompted with the Certificate Trust screen. Even if it's a legit cert issued by Entrust, Apple/iPhone still thinks it's "Not Trusted". Why?
03-20-2019 09:33 PM
Checking with our SME on this.
Thanks,
Nidhi
03-21-2019 01:11 AM
This is normal behavior with ISE as it uses a self-signed cert.
You would need to have your endpoints add the ISE cert to their trusted lists of CAs.
This should also solve your issue with the iPhone.
03-21-2019 09:32 AM
Hi, Danny:
Actually the cert is not self-assigned; it was issued by Entrust (please see the attached).
Regarding adding the ISE cert to the endpoint:
For PCs, it's very easy ... pushed via SCCM or GPO.
How do we achieve this for iPhones/Androids? Is MDM the only option?
I think MDM works for company-issued phones; how about BYOD mobile devices?
Thanks a lot!