cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
The ISE 2.5 Beta software is now available! Join the ISE Beta Community to try it in your lab!
611
Views
5
Helpful
8
Replies

Revoke an endpoint certificate with ISE 2.3

Hi,

i have an ISE 2.3 and i want to revoke an endpoint certificate.

In the documentation : https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23.pdf

We can read :

"Choose Administration > System > CA Service > Endpoint Certificates"

But this menu does not exist in ISE 2.3, this documentation was for ISE 2.0.

Someone can help me please ?

Best regards,

Guillaume

Everyone's tags (1)
8 REPLIES
VIP Engager

Re: Revoke an endpoint certificate with ISE 2.3

Should be under "Administration > Certificates >Endpoint certificates" 

 

certs-ise.PNG

 

Please raise a documentation feedback on the Cisco page so that they can correct any doc errors.

Re: Revoke an endpoint certificate with ISE 2.3

 I don't have this menu... how is that possible ?

 

CaptureISE.PNG

VIP Engager

Re: Revoke an endpoint certificate with ISE 2.3

Do you have the Plus licenses on the ISE deployment? I believe BYOD and the build-in CA are a part of that license feature so the menu may be missing if you don't have that license.

Another thing to check is if you have "Super Admin" login rights. If you have role based access based on custom menu and data items, there might be a setting to not allow access to this menu.

BTW: I took the screenshot from my 2.1 deployment in error, but the screen should be the same on 2.3 also.

Re: Revoke an endpoint certificate with ISE 2.3

To revoke a certificate i need a plus license ?

I have just a base license but i think it's enough to do 802.X with certificates ...

Thanks,

VIP Engager

Re: Revoke an endpoint certificate with ISE 2.3

If you using the ISE as a certificate authority and issuing certificates to end users, this is part of the PLUS license feature set. This is in the latest ordering guide:

https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-services-engine/guide_c07-656177.pdf

Device registration (My Devices portal) and provisioning for Bring Your Own
Device (BYOD) with built-in Certificate Authority (CA)

If you use your MS PKI environment to issue client certificates, you do not need to have the Plus licenses as the ISE only does the 802.1x authentication bit.

What CA did you use to issue certificates to users?
VIP Engager

Re: Revoke an endpoint certificate with ISE 2.3

Re: Revoke an endpoint certificate with ISE 2.3

The strange thing is i can generate certificate with the ISE CA and the portal...

But i think i configure the portal when the "plus" license was in demo so the portal is still here and i can continue generating certificate ... but i can't revoke it.

Highlighted
Explorer

Re: Revoke an endpoint certificate with ISE 2.3

Did you ever get a resolution to this...I am not able to revoke Certificates either.

 

Thanks,

 

Joe

CreatePlease to create content
Ask the Expert- DMVPN on Cisco routers