Hi
I wonder if someone could help me in how to create a policy in ISE to do EAP-TLS based only on the user having a certificate issued by a trusted CA. I don't want to integrate with any external identity source such as AD or LDAP. I just want to look at the client cert and if it is from a trusted source accept it and let them on.
I tried to do this by setting up a Certificate Authentication Profile with no Identity source selected. I then created a policy to check the Issuer CN in the certificate. However, my authentication rule was never matched.
Anyone have any experience of this?
Thanks, Kev.
