Cisco Cisco Identity Services Engine Software Manual Técnico
Contents
Introduction
Requirements
Components Used
Configure
Generating Certificate Signing Request (CSR):
Individual server certificate CSR example:
Wildcard CSR example:
Importing new Certificate chain:
Verify
Troubleshoot
The supplicant does not trust the ISE local server certificate during a dot1x authentication.
ISE certificate chain is correct but Endpoint rejects ISE’s Server Certificate during authentication.
References
Related Cisco Support Community Discussions
Introduction
This document describes installing a 3rd party CA signed certificate in Cisco Identity Services Engine.
The process is the same regardless of the final certificate role (EAP authentication, Portal, Admin and pxGrid).
Requirements
Basic Public Key Infrastructure knowledge.
Components Used
The information in this document is based on the following hardware and software versions:
Cisco Identity Services engine (ISE) Release 2.0. The same configuration applies to releases 1.3 and 1.4.
●
Configure
Generating Certificate Signing Request (CSR):
To generate the CSR go to Administration > Certificates > Certificate Signing Requests and select Generate Certificate Signing Requests (CSR).
Under the Usage section select the role to be used from the drop down menu. If the certificate will be used for multiple roles you can select Multi-Use.
Once the certificate is generated the roles can be changed if necessary.
●
Select the node for which the certificate will be generated.
●
Fill out the information as needed (Organizational Unit, Organization, City, State and Country).
●
Note: Under Common Name (CN) field ISE will auto populate the node’s Fully Qualified Domain Name (FQDN).
Wildcards:
If the goal is to generate a wildcard certificate check the “Allow Wildcard Certificates” box.
●
If the certificate will be used for EAP authentications the “*” symbol should not be in the Subject CN field as
Windows supplicants will reject the server certificate.
●