With EAP-TLS, can a server and client be signed by different CAs?

trevorjenix
Level 1

With EAP-TLS, can a server and client be signed by different CAs? Say I want my client certs signed by an Enterprise CA and my ISE server cert signed by a public CA? Is this supported with NSP EAP-TLS and AnyConnect EAP-FASTv2 with an inner EAP-TLS method?

2 Replies

Venkatesh Attuluri
Cisco Employee

Both the client and ISE need to trust the issuer.

jan.nielsen
Level 7

Just to elaborate on what Venkatesh said: yes, you can have certs from different CAs on ISE and on the client; however, ISE needs to trust the CA that issued the cert to your client, and your client needs to trust the CA that issued the cert for the ISE server. Now, regarding NSP, I am not sure if that works; AnyConnect with EAP-TLS/EAP-FAST should work fine.
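
Added example (not part of the thread or of any poster's reply): a throwaway OpenSSL lab that reproduces the trust requirement described in the replies, with the server certificate issued by one CA and the client certificate by another. The CA names, `ise.lab.example` and `client01` are constructed, and `openssl verify` stands in for the chain validation that ISE and the supplicant perform.

```sh
#!/bin/sh
# Constructed lab: two unrelated CAs. All names and files below are made up.

make_ca() {  # $1 = file prefix, $2 = subject CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_leaf() {  # $1 = leaf prefix, $2 = subject CN, $3 = issuing CA prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
    -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

verdict() {  # $1 = trust store (PEM), $2 = certificate to validate
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo rejected
  fi
}

eap_tls_lab() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    make_ca public_ca "Lab Public CA"          # issues the server cert
    make_ca enterprise_ca "Lab Enterprise CA"  # issues the client certs
    issue_leaf server ise.lab.example public_ca
    issue_leaf client client01 enterprise_ca

    # Supplicant trust store holds the public CA: server cert validates.
    printf 'client_validates_server=%s\n' "$(verdict public_ca.pem server.pem)"
    # Server trust store holds the enterprise CA: client cert validates.
    printf 'ise_validates_client=%s\n' "$(verdict enterprise_ca.pem client.pem)"
    # Server trust store lacks the enterprise CA: client cert is rejected.
    printf 'ise_missing_enterprise_ca=%s\n' "$(verdict public_ca.pem client.pem)"
  )
  rm -rf "$dir"
}
```

Calling `eap_tls_lab` prints one line per check; the third line shows the failure you get when the CA that issued the client certificates has not been added to the server's trusted certificates.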