We've successfully configured SCEP for Cisco AP 2800's. Flow is this:
1.SCEP uses CA1 for csr and EAP-TLS certificate - no issue
2. Certificate used on Cisco ISE for mutual authentication for AP is signed by CA2 - need know how to install this
Issue is this:
1. Once AP is plugged into 802.1x port, there is a failure as the AP rejects the ISE local certificate (signed by CA2)
2. If ISE and AP are both signed by CA1 there is no issue
Is there a way to install the additional CA2 on the AP after SCEP (eg, SCEP will install CA1 cert and cert signed by CA1), however CA2 needs to be installed on AP after SCEP enrollment to address mutual authentication issue.
Thx