
How can Cisco Identity Services Engine handle end-entity certificate validity information?

I want to use a client certificate with Cisco Identity Services Engine (a RADIUS-based SSO product), but I cannot find a way to handle OCSP or CRL information.

Accepted Solutions
Cisco ISE has the capability to communicate with OCSP servers over HTTP to validate the status of certificates in authentications. The OCSP configuration is configured in a reusable configuration object that can be referenced from any certificate authority (CA) certificate that is configured in Cisco ISE.

You can configure CRL and/or OCSP verification per CA. If both are selected, then Cisco ISE first performs verification over OCSP. If a communication problem is detected with both the primary and secondary OCSP servers, or if an unknown status is returned for a given certificate, Cisco ISE switches to checking the CRL.

Refer to:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_cert.html#pgfId-1105719
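
The OCSP-first, CRL-fallback order described in the accepted answer, modelled as an added example (not Cisco's code and not part of the original reply). All names are hypothetical, the responders and CRL contents are constructed, and two points are assumptions the answer does not settle: an "unknown" reply from the primary goes straight to the CRL, and the `UNDETERMINED` result stands in for whatever policy applies when no source answers.

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"
    UNDETERMINED = "undetermined"  # no source gave a definite answer (assumed label)

class Unreachable(Exception):
    """Raised by a responder callable on a communication problem."""

def check_revocation(serial, ocsp_responders, crl_revoked_serials=None):
    """Return (Status, source) for one certificate serial number.

    ocsp_responders: [primary, secondary] callables that return a Status
        or raise Unreachable. An empty list means OCSP is not enabled.
    crl_revoked_serials: set of revoked serials from the CA's CRL, or
        None when CRL checking is not enabled for this CA.
    """
    names = ("ocsp-primary", "ocsp-secondary")
    for name, responder in zip(names, ocsp_responders):
        try:
            status = responder(serial)
        except Unreachable:
            continue  # communication problem: try the next responder
        if status in (Status.GOOD, Status.REVOKED):
            return status, name  # definite answer, the CRL is never read
        break  # "unknown" status: stop asking OCSP, fall back to the CRL
    if crl_revoked_serials is None:
        return Status.UNDETERMINED, "none"
    if serial in crl_revoked_serials:
        return Status.REVOKED, "crl"
    return Status.GOOD, "crl"

# Constructed stand-ins for OCSP responders.
def down(serial):
    raise Unreachable("timeout")

def says_unknown(serial):
    return Status.UNKNOWN

def stale_responder(serial):
    # Knows 0x1001 is revoked but has not yet learned about 0x2002.
    return Status.REVOKED if serial == 0x1001 else Status.GOOD

CRL = {0x1001, 0x2002}  # constructed CRL contents

if __name__ == "__main__":
    for responders in ([stale_responder, down], [down, down], [says_unknown, down]):
        print(check_revocation(0x2002, responders, CRL))
```

Serial `0x2002` shows why the order matters when auditing a deployment: a responder that answers "good" ends the check, so a revocation present only in the CRL is seen only when OCSP fails or returns "unknown".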
