Cisco Cisco Identity Services Engine 1.3
Procedure
Step 1
Choose Network > Identity Services Engine to open the Identity Services Engine configuration page.
Step 2
Click Edit Settings to add or update the WSA client, ISE admin, and pxGrid certificates.
Step 3
Verify that the Enable ISE Service checkbox is checked to enable the ISE service.
Step 4
Identify the ISE server by using its host name or IPv4 address.
Step 5
Select the method you want to use to provide a client certificate for the WSA-ISE server mutual authentication:
• Use Uploaded Certificate and Key—Upload and choose the files, as necessary.
• Or, Use Generated Certificate and Key—Generate a new certificate and key, if necessary.
◦Click Generate New Certificate and Key.
◦In the Generate Certificate and Key dialog box, enter the information to display in the signing certificate.
◦Click Generate.
◦Click the Download Certificate Signing Request (DCSR) link to submit it to a Certificate Authority (CA).
After you receive a signed certificate from the CA, click Browse and navigate to the signed certificate location.
Click Upload File.
Click Upload File.
◦Add the CA root under Administration > Certificates > Trused Certificates on ISE Server, if not already
present.
• Or, If the user does not prefer to use the CA signed WSA client certificate:
◦Click on Download Certificate and download the certificate to a local folder.
◦Upload this certificate to Administration > Certificates > Trused Certificates in the ISE server.
Step 6
If using a locally saved WSA client certificate and key, ensure that the certificate is available in the Administration >
Certificates > Trusted Certificates path. Or, import the certificate by navigating to Administration > Certificates >
Trusted Certificates > Import path on the ISE server Admin UI.
Certificates > Trusted Certificates path. Or, import the certificate by navigating to Administration > Certificates >
Trusted Certificates > Import path on the ISE server Admin UI.
Step 7
Provide an ISE Admin Certificate for use in bulk download of ISE user-profile data to the WSA. Browse to and select the
certificate file, and then click Upload Files. See
certificate file, and then click Upload Files. See
, page 22-25 for additional information.
Step 8
Provide an ISE pxGrid Certificate for WSA-ISE data subscription (ongoing queries to the ISE server). Browse to and
select the certificate file, and then click Upload Files. See
select the certificate file, and then click Upload Files. See
, page 22-25 for additional
information.
Step 9
(Optional) Click Start Test. The test:
• Resolves the ISE host name to its corresponding IP address.
• Validates the WSA client certificate.
• Validates the ISE pxGrid certificate.
• Validates the ISE Admin certificate.
• Checks the connection to the ISE pxGrid and retrieves the SGTs.
• Checks the connection to the REST server.
11