Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1131
Views
0
Helpful
0
Replies

Cisco ISE-CA, Microsoft NPS as Radius and Macbook with Client Cert - Anyone Tried?

Not applicable

‎08-04-2017 06:38 AM - last edited on ‎07-05-2021 07:29 AM by Community Manager

Hello,

Our current setup : Windows Wireless Client , Flexconnect APs drops the client locally in the LAN..Clients gets its certificate from Windows PKI , Uses Windows NPS as Radius. All works well with this setup.

New requirement > Wireless MACbook clients , Uses Cisco ISE as PKI for certificate provisioning instead of Windows ( Windows PKI team doesn't want to support non windows devices).

Provisioning of the client certificates works well, ISE 2.2 can provision certificates to the MACBOOK clients,but Windows NPS (Radius) is not able to validated the client certificate and hence MAC clients not able to connect to the corporate SSID (which works well for Windows). The Root CA was of ISE was imported into the NPS already.

I think the problem for non-working is due to - ISE uses MAC address in the SAN field while NPS is expecting username in the SAN field while validating the certificate.

Anyone has any ideas or suggestion to make it work. 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card