cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1027
Views
0
Helpful
3
Replies

ISE - Multiple Issuing Subordinate CAs for EAP Auth?

Is it possible to utilise multiple issuing subordinate CAs with an ISE implementation? In short I have a situation where the client is wanting to issue certificates for one group of users from CA1 and issue certificates for another group of users from CA2.

As far as I can see it is not possible to have two different server certificates installed on a policy node for the purposes of EAP authentication. Is the only way around this to install a policy node per issuing certifcate server?

Everyone's tags (7)
3 REPLIES 3

ISE - Multiple Issuing Subordinate CAs for EAP Auth?

Ok to add to this I would really like some clarification on certificate installation for the purposes of EAP-TLS. The Cisco doco is at best vague on this topic. I have a distributed deployment with 2 x Admin, 1 x monitoring and 2 x PSN. I have installed a Public HTTPS server auth cert on each device and all nodes are joined. I would now like to utilise MS CA cert infrastructure to authenticate EAP-TLS.

My understanding is that I need the MS CA Root Cert and Subordinate Cert on the Admin node with the subordinate cert ticked for trust for EAP Auth. Is there a requirement for a Server Authentication certificate on the Admin Node? Going forward with that Is there a requirement to add a server authentication certificate to the PSN Nodes?

In addition back to my first question is it possible to utilise multiple subordinate CAs for client authentication if so how as I cannot seem to click trust for EAP on multiple certs

ISE - Multiple Issuing Subordinate CAs for EAP Auth?

Issue sorted.

Highlighted

Re: ISE - Multiple Issuing Subordinate CAs for EAP Auth?

Hi

 

Will you be able to share the solution here. I have similar requirement.

 

Regards

Ashish Shah