Prior to anything, make sure the WSA has basic configs (IP address, licensing, etc).
For ISE, navigate to Administration>System>Certificates>Trusted Certificates and make sure the Root CA certificate is uploaded and that it’s Trusted for Client Authentication and authentication within ISE:
Navigate to Administration>System>Certificates>Certificate Signing Requests and click Generate Certificate Signing Requests (CSR). Create a Multi-Use certificate for your ISE node and once created, export it. Open it with Notepad, copy the CSR and open your AD Certificate Services page. Click on Request a certificate>advanced certificate requests, paste the CSR in the Base-64-encoded request and choose pxGrid ads the certificate template before clicking Submit. On the next page, download the certificate as Base-64 encoded.
Go back to Administration>System>Certificates>Certificate Signing Requests, check the box next to the CSR and bind the certificate and specify that the certificate will be at least used for pxGrid.
Navigate to Administration>System>Certificates>System Certificates and make sure your bond certificate is there with the pxGrid usage:
Navigate to Administration>System>Deployment and click on your ISE node:
Ensure that pxGrid is checked:
Navigate to Administration>pxGrid Services>Settings and ensure that automatically approve new accounts is checked:
Navigate to the AD certificate services and ensure that the CA certificate is downloaded if you haven’t already:
In the WSA, navigate to Network>Certificate Management and click on Manage Trusted Root Certificates.. to upload the CA certificate you just downloaded.
Click Import:
Browse to your downloaded and upload the CA certificate and click Submit:
Click Submit again:
Click Commit Changes to apply the changes:
Navigate to Network>Identity Services Engine and click Enable and Edit Settings..
In the first section, add your ISE IP or hostname, click Browse, select the CA certificate and click Upload File:
In the next section, upload the CA certificate again:
In the last section, choose the radio button for Use Generated Certificate and Key and click the button Generate New Certificate and Key:
Fill in the certificate fields and click Generate:
After Generating it, click on the Download Certificate Signing Requests… link and open the CSR in Notepad:
Very important: Click Submit at the bottom of the page and then Commit Changes in the WSA.
After doing so, navigate back to Network>Identity Services Engine and click on Edit Settings:
Open up your AD Certificate Services and click on Request a certificate:
Click advanced certificate request:
On the opened CSR you downloaded from the WSA, Copy this section only:
Back in the AD Certificate Services, paste it, choose the pxGrid template and click Submit:
Download the new certificate in Base 64 format
Back in the WSA, upload the certificate:
You should see a success message at the top:
On the bottom of the screen, click Start Test to verify everything is working:
In the WSA, navigate to System Administration>Log Subscription and click accesslogs. Under the Custom Fields (optional), add %m
Click Submit and Commit Changes
In ISE, navigate to Administration>pxGrid Services>Clients to verify the new pxGrid node is showing up: