
Client Certificate for 802.1x and Microsoft CA

imanv
Level 1

I need your valuable hints to find a solution to my problem. The clients must request a certificate to be able to use the network with dot1x using ISE.
I have a Certificate Authority (CA) server on Windows 2019 (will upgrade soon to 2022). The Certificate Web Enrollment is unsuitable because it's based on ActiveX and has not been updated for many years. I have clients with macOS and Linux. I am looking for an on-premise solution to provide a feasible certification request for them.

Would you please tell me what your suggested solution is?

Marvin Rhoads
Hall of Fame

If you have any Windows clients, they can be issued certificates automatically via AD Group Policy. macOS clients are best managed with an enterprise management tool like Jamf or Kandji.

I have not used it, but you may be able to use a third party solution like SCEPman (https://docs.scepman.com/) to manage all three client types.

@imanv to add to what @Marvin Rhoads has already mentioned, if you require an on-premise solution to distribute certificates to the macOS/Linux devices, you could use the built-in ISE CA; this allows the user to log in to a portal to request the certificate to use for authentication. An MDM would be the better solution though.

imanv
Level 1

@Marvin Rhoads Thank you very much.

In fact, I have a separate domain for non-corporate users. The users are not joined to the domain. I use it just for VPN policies.

@Rob Ingram Thanks for your hint. I think it is possible to configure ISE as a subordinate certificate server with Microsoft CA.

Would you please describe a little bit more about the MDM application you may use for on-premise deployment?
