
Cisco ISE Root CA

Hi all,

I have a query on onboarding iOS, Android and Windows devices through Cisco ISE.

I understood that we are going to provision and onboard the above devices by issuing certificates.

Does ISE have a certificate authority with which it can generate its own root CA, an intermediate CA signed by the root CA, and device certificates signed by the intermediate CA (I mean a profile-signing CA)?

Or else do we need to create a CSR and send it to a CA to get it signed, and then import the root and intermediate CAs into ISE? With CAs like GoDaddy or VeriSign, when we send a CSR, do they send the root certificate, intermediate certificate and signed certificate?

Thanks

Srikanth

 

 

3 Replies

Sandeep Choudhary
VIP Alumni

Hi,

After installation, ISE generates, by default, a self-signed local certificate and private key, and stores them on the server.  ISE authenticates itself to clients using the default self-signed certificate that is created at the time of installation. This self-signed certificate is used for both HTTPS and EAP protocols to authenticate clients. This self-signed certificate is valid for one year and its key length is set to 1024 bits. At the time of generation, this certificate is used for both EAP and HTTPS protocols.

 

Cisco strongly recommends installing a CA-signed certificate. (Don't use the self-generated certificate from ISE.)

Process for certificate deployment: see the link:

https://www.youtube.com/watch?v=d-ro6P2Azl8

 

Regards

 

 

Hi Sandeep,

Yes, I understood that. Yes, I do agree that the self-signed certificate is used for L3 authentication and EAP methods.

During provisioning of BYODs, I understood that a client certificate is pushed to perform EAP-TLS (iOS) and credentials for Android (PEAP-MSCHAPv2). As there is no CA capability in ISE, how will it issue certificates to client devices?

 

Anas Naqvi
Level 1

Yes, Sandeep is correct. You may also check the link below:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_e_man_cert.html
