Cisco Cisco Web Security Appliance S380 User Guide

8-5

AsyncOS 9.1 for Cisco Web Security Appliances User Guide

Chapter 8 Integrate the Cisco Identity Services Engine

Tasks for Certifying and Integrating the ISE Service

Note

Whenever you upload or change certificates on the ISE server, you must restart the ISE service. Also, a
few minutes may be required before the services and connections are restored.

Related Topics

•

Overview of the Identity Services Engine Service, page 8-1

•

Identity Services Engine Certificates, page 8-2

•

Troubleshooting Identity Services Engine Problems, page 8-7

On the WSA, add the
exported ISE Admin and
pxGrid certificates.

•

Upload the ISE Admin and pxGrid certificates for each ISE server
you are configuring on this WSA. See

Connect to the ISE Services,

page 8-6

–

If using a single self-signed certificate for both ISE Admin and
pxGrid, upload the file twice, once each in the ISE Admin
Certificate and ISE pxGrid Certificate fields. See

Connect to the

ISE Services, page 8-6

–

If using CA-signed certificates, be sure the Certificate Authority
that signed each pair of ISE certificates is listed in the Trusted
Root Certificates list on the WSA. If not, import the CA root
certificate. See

Managing Trusted Root Certificates, page 22-25

Note

If the ISE Admin and pxGrid certificates are signed by your
Root CA certificate, be sure to upload Root CA certificate
itself to the ISE Admin Certificate and ISE pxGrid Certificate
fields on the WSA (Network > Identity Services Engine).

Complete configuration of
the WSA for ISE access
and logging.

•

Connect to the ISE Services, page 8-6

•

Add the custom field

to the Access Logs to log the Authentication

mechanism –

Customizing Access Logs, page 21-26

•

Verify that the ISE Service Log was created; if it was not, create it –

Adding and Editing Log Subscriptions, page 21-7

•