cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
503
Views
10
Helpful
4
Replies
carl_townshend
Frequent Contributor

EAP-TLS certificates for Windows client

Hi All

When doing EAP-TLS authentication using Windows clients, what certificate does the client machine require?

Is a CA root cert enough? or does each machine require its own individual cert? if so how is this assigned etc?

 

Many thanks

 

Carl

 

1 ACCEPTED SOLUTION

Accepted Solutions

It does not get any by default. Either you need to have internal CA server that can issue certificate for domain PCs or you have to get them issued using public CA server.

 

Have a look this document

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html 

 

HTH

Rasika

*** Pls rate all useful responses ***

 

View solution in original post

4 REPLIES 4
Rafael E
Cisco Employee

it needs both 

CA root 

CA  device (windows machine) certificate signed by CA root

Saludos,
Rafael - TAC

Hi

How are the Windows machine certificates created?

Does each domain device get one by default, or do they need to be created somewhere?

cheers

It does not get any by default. Either you need to have internal CA server that can issue certificate for domain PCs or you have to get them issued using public CA server.

 

Have a look this document

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html 

 

HTH

Rasika

*** Pls rate all useful responses ***

 

View solution in original post

Jurgens Lombard
Participant

Also a handy guide to have, check page 58 using Group Policy to sign certificates automatically with end clients.
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2014/CVD-CampusDot1XDesignGuide-AUG14.pdf
Content for Community-Ad