SEC0212 - ISE 2.0 Certificate Provisioning Portal (Part 2)

The video shows you how to configure the new Certificate Provisioning Portal on Cisco ISE 2.0. It begins with a discussion of a change in the internal CA hierarchy. We then go through portal creation, test certificate web enrolment, and ultimately use the obtained certificate in AnyConnect remote VPN authentication.
 
Part 2 of this lab covers certificate enrolment and AnyConnect VPN authentication testing.
 
Topic:
  • ISE Internal CA Hierarchy
  • Certificate Provisioning Portal
  • Certificate Template
  • Certificate Web Enrolment
  • AnyConnect VPN with Client Certificate Authentication

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

3 comments

I did the steps according to your video: configured ISE 2.0 as an intermediate CA and generated another new CSR for EAP authentication, then used a client to get a cert from the client provision portal. The client gets the correct client and client chain, which includes all certs, but EAP-TLS fails, and the log from ISE says "EAP-TLS failed SSL/TLS handshake because of an unsupported certificate in the client certificate chain". Could you tell me why?

How about revocation? If I'm using the cert provided by ISE and the user is terminated, how do I revoke the cert and get the ASA to validate the cert with the ISE?
The video shows we are decoupling the authC from authZ, meaning if we revoke the cert the authC will still happen?
Thank you, great videos.

Any certificate issued by ISE can be revoked from the Endpoint Certificate page. You can then configure the ASA to do a cert revocation check against ISE over OCSP, not CRL, as shown in video SEC0213.