Hello to everyone!
I'm testing ISE 2.4 for future deployment. Here are 2 main goals:
1. Full integration for dot1x with EAP-TLS.
2. Client posturement and integration with MS Intune.
I'm stuck with first point though. ISE uses Azure ADDS as identity store. We don't have classic on-prem AD. Authentication itself works fine. Certificates are generated over Certificate Provisioning portal.
But here is the problem. Since all clients are connected to MS Intune they got default certificate which is stored in Personal user certificates. When I install certificate which is generated over portal it is being put into same directory and has same CN (email@example.com). So 2 certificates with same CN firstname.lastname@example.org are placed in same folder. Hereby when user clicks "use certificate for auth" then wrong certificate is being used by Windows (default from Intune).
Is it possible to change somehow order for certificates or there might be another solution? Could Client Provisioning with Native Supplicant configuration solve the issue?
Solved! Go to Solution.
Yes, Thank you!
I've chosen only one Certificate issues and it works fine.
Another question. Is anybody knows how to do some generate certificates on ISE automatically? Might be in some collaboration with intune...