You are here
SEC0187 - ISE 1.3 Internal Certificate Authority (CA) Setup (Part 1)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video discusses and demonstrates different deployment models of Cisco ISE 1.3 Internal Certificate Authority. We will be setting up ISE internal CA, both as a standalone and intermediate CA, and creating certificate template to issue client certificate for our next BYOD labs. We will also touch on the significance of, and demonstrate certificate keypair export and import to other ISE nodes in the deployment.
Part 1 of this video talks about deployment models and configures ISE as a standalone CA
Topic:
- ISE Internal CA; Standalone Root, Intermediate, Disabled
- ISE Root CA
- ISE Intermediate CA
- ISE Certificate Template
- Repository
- Certificate Keypair Export/Import
- ISE Integration with External SCEP Server
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
4 comments
can i use Internal CA to issue certificate to machine.
I`m planning to auto issue certificate to employee machines, then i can use EAP chaining,
Q1-can i use that using ISE internal CA for that?
Q2-can i use BYOD with employee domain-machines ?
Thanks alot for help.
can i use Internal CA to issue certificate to machine.
can i use Internal CA to issue certificate to machine.
Hi, sorry but it is a user cert? I can see in the cert template that the SAN is the MAC address of the device. Isn't that a machine cert?
Thanks,
can i use Internal CA to issue certificate to machine.
It is a user cert. The MAC address inserted into SAN is informational. You can use it to cross check with the actual endpoint MAC address in case the user somehow export the cert and try to use it on another device.