
Wired Cisco 2800 AP 802.1x - EAP-TLS 2nd CA install after successful SCEP for mutual authentication

j.ridgers
Level 1

We've successfully configured SCEP for Cisco AP 2800s. The flow is this:

1. SCEP uses CA1 for the CSR and EAP-TLS certificate - no issue
2. The certificate used on Cisco ISE for mutual authentication for the AP is signed by CA2 - need to know how to install this

The issue is this:

1. Once the AP is plugged into an 802.1x port, there is a failure as the AP rejects the ISE local certificate (signed by CA2)
2. If ISE and the AP are both signed by CA1 there is no issue

Is there a way to install the additional CA2 on the AP after SCEP? (E.g., SCEP will install the CA1 cert and the cert signed by CA1; however, CA2 needs to be installed on the AP after SCEP enrollment to address the mutual authentication issue.)

Thx


patoberli
VIP Alumni
Which software version are you using on the AP?
The latest few releases added various 802.1x features.
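
The failure described in the original question, reproduced off-device with OpenSSL as an added example (not part of the thread, and not Cisco AP or ISE configuration): a peer whose trust bundle holds only CA1 rejects a server certificate issued by CA2 until CA2 is added to the bundle. The names CA1, CA2, ap-lab and ise-lab, and all file paths, are constructed lab placeholders.

```shell
#!/usr/bin/env bash
# Constructed lab PKI. CA1, CA2, ap-lab and ise-lab are placeholder names.
set -u
WORK=$(mktemp -d)

# make_ca NAME: self-signed root; writes $WORK/NAME.key and $WORK/NAME.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CN CA: leaf certificate for CN signed by CA; writes $WORK/CN.pem
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}

# chain_ok CN BUNDLE: returns 0 only if CN's cert chains to an anchor in BUNDLE
chain_ok() {
  openssl verify -CAfile "$2" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca CA1
make_ca CA2
issue_cert ap-lab CA1    # AP identity certificate, as SCEP enrollment delivers it
issue_cert ise-lab CA2   # ISE EAP server certificate

BEFORE="$WORK/ap-trust-before.pem"   # AP trust store after SCEP: CA1 only
AFTER="$WORK/ap-trust-after.pem"     # same store with CA2 added
cp "$WORK/CA1.pem" "$BEFORE"
cat "$WORK/CA1.pem" "$WORK/CA2.pem" > "$AFTER"

for bundle in "$BEFORE" "$AFTER"; do
  if chain_ok ise-lab "$bundle"; then verdict=accepted; else verdict=rejected; fi
  echo "$(basename "$bundle"): ISE certificate $verdict"
done
```

The same `openssl verify -CAfile` check can be run against the real ISE EAP certificate and the CA certificates exported as PEM to confirm which issuer the AP has to trust.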