cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3445
Views
1
Helpful
1
Replies

ISE API - can default internal CA key size be changed?

kpeters011
Level 1
Level 1

I have used the End Points Certificate to successfully get a cert plus key, however the default root CA used to generate the client certificate (Certificate Services Endpoint Sub CA) has a key length of 4096 bits. Unfortunately our devices have a 2048-bit key limit on loaded certs - since we are using EAP-TLS the devices need to be loaded with both root cert and client cert. Is it possible to change the default root cert used to generate the client cert from the API POST call??

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

it does not appear to be an option as of ISE 2.3:

I will submit this suggestion to the PM.

View solution in original post

1 Reply 1

thomas
Cisco Employee
Cisco Employee

it does not appear to be an option as of ISE 2.3:

I will submit this suggestion to the PM.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: