cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
649
Views
0
Helpful
0
Replies
Highlighted
Not applicable

Cisco ISE-CA, Microsoft NPS as Radius and Macbook with Client Cert - Anyone Tried?

Hello,

Our current setup : Windows Wireless Client , Flexconnect APs drops the client locally in the LAN..Clients gets its certificate from Windows PKI , Uses Windows NPS as Radius. All works well with this setup.

New requirement > Wireless MACbook clients , Uses Cisco ISE as PKI for certificate provisioning instead of Windows ( Windows PKI team doesn't want to support non windows devices).

Provisioning of the client certificates works well, ISE 2.2 can provision certificates to the MACBOOK clients,but Windows NPS (Radius) is not able to validated the client certificate and hence MAC clients not able to connect to the corporate SSID (which works well for Windows). The Root CA was of ISE was imported into the NPS already.

I think the problem for non-working is due to - ISE uses MAC address in the SAN field while NPS is expecting username in the SAN field while validating the certificate.

Anyone has any ideas or suggestion to make it work. 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards