Beginner

BYOD doubled certificate issued by CISCO ISE

Hello,

 

I am facing a challenge. Once I am done with the onboarding process via BYOD, Cisco ISE issues 2 certificates: one based on the certificate template and a second with SERIALNUMBER. This becomes a problem when I want to connect a device to the SSID with EAP-TLS, as I must choose one of those. I would like to avoid such a situation and get the device to connect to the SSID automatically.

 

Please see the attached picture

 

1 ACCEPTED SOLUTION

Cisco Employee

Re: BYOD doubled certificate issued by CISCO ISE

That is expected for iOS devices. But the ISE BYOD flow will pick the correct certificate to use during the onboarding process for supplicant configuration. However, there is a defect filed against it since both certificates could be used for authentication manually by the user. I suggest filing a TAC SR and referencing CSCvn04298 (iOS onboarding creates two certificates with different valid date). The defect is not visible to the public.

4 REPLIES
Rising star

Re: BYOD doubled certificate issued by CISCO ISE

Are you using NAM or the native supplicant on your end nodes? I know with NAM via the NAM profile editor you can match on certificate criteria such as issuer or subject fields. This may give you the ability to automatically utilize the one specific certificate that you wish to use with EAP-TLS.
Beginner

Re: BYOD doubled certificate issued by CISCO ISE

I am using the native supplicant.


Beginner

Re: BYOD doubled certificate issued by CISCO ISE

Thanks for the tips :)