Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
0
Helpful
1
Replies

Cisco ISE

paul.collins1.ctr1
Level 1
Level 1

‎02-04-2016 09:32 AM - edited ‎02-21-2020 05:43 AM

Good Morning,

Looking for so help with Cisco ISE. Was recently tasked with looking into enabling PKI on our ISE. Not really saavy when it comes to PKI and was hoping to get some guidance as to how to set this up. Not sure if this could be done using say Active Directory or I would have to connect to A OCSP server. Other note this is a government network so this is a requirement by DISA. Any help is much appreciated. Thanks

Paul

0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎02-11-2016 07:07 AM

The ISE built-in CA can be used to issue certificates to devices:

1. Automatically - Done via the Client Provisioning/Onboarding flow/process. 

2. Manually - Done via manually generating a CSR and submitting it to ISE for signing

The CA itself can be deployed as a:

1. Standalone CA 

2. Subordinate/Issuing CA to an existing CA such as Microsoft PKI. That way, the ISE CA can be used to issue certificates to BYODs while the existing Microsoft CA can issue certificates to domain joined machines and domain based users. 

By integrating ISE with an existing CA you can configure OCSP as well

For more information I would recommend you reference the Admin Guide for ISE:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_0111.html

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card