Using different CAs for different devices' cert based authentication via ISE

wingai
Level 1

Hi there, the customer has two separate sets of devices for which they want to implement certificate-based authentication via ISE. One is their users' mobile devices (BYOD scenario). The other is their IoT devices (yes, these devices are cert ready). They want to use two different CAs (AD CA for users' mobile devices and ISE CA for IoT devices). Is this possible, and how can it be done? Thanks. - William

1 Accepted Solution

smashash
Cisco Employee

Yes, it is possible.

First of all, you need to import the Root CA (issuer CA) into ISE (under the Trusted Certificate page).

You need to create two rules under policy for AD CA for users' mobile devices and IoT devices.

ISE has several attributes to differentiate these two flows (e.g. BYODRegistration flag for BYOD flow, or using Certificate (Issuer CA) attributes, device location or group ...)

Here is an example:


HTH,
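
A lab check of the approach in the accepted answer, as an added example that is not from the original post or from Cisco: two throwaway OpenSSL roots stand in for the AD CA and the ISE CA, and a shell function mirrors the two rules by first validating the chain against the trusted roots and then matching the issuer. All names (`Lab AD CA`, `Lab ISE CA`, `classify`, the subject names) are assumptions for illustration, and the script does not configure ISE.

```shell
#!/bin/sh
# Lab-only sketch. All CA and subject names below are constructed test values.
set -eu
LAB=$(mktemp -d); trap 'rm -rf "$LAB"' EXIT

make_ca() {  # make_ca <file-stem> <common-name>: self-signed test root
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.crt" 2>/dev/null
}

issue() {    # issue <ca-stem> <cert-stem> <common-name>: client cert signed by that CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.crt" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 1 -out "$LAB/$2.crt" 2>/dev/null
}

classify() { # classify <cert-stem>: prints byod, iot or deny
  cert="$LAB/$1.crt"
  # Step 1: the chain must end at one of the imported (trusted) roots.
  openssl verify -CAfile "$LAB/trusted.pem" "$cert" >/dev/null 2>&1 \
    || { echo deny; return 0; }
  # Step 2: choose the rule from the issuer, as the two policy rules would.
  issuer=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$cert")
  case "$issuer" in
    *"CN=Lab AD CA")  echo byod ;;
    *"CN=Lab ISE CA") echo iot ;;
    *)                echo deny ;;   # trusted chain but no matching rule
  esac
}

make_ca ad "Lab AD CA"; make_ca ise "Lab ISE CA"; make_ca other "Lab Other CA"
# Only the two intended roots go into the trust bundle; "other" is left out.
cat "$LAB/ad.crt" "$LAB/ise.crt" > "$LAB/trusted.pem"
issue ad phone "user-phone"; issue ise sensor "iot-sensor"
issue other stray "stray-device"

for c in phone sensor stray; do
  printf '%-7s -> %s\n' "$c" "$(classify "$c")"
done
```

Trusting both roots only makes both kinds of certificate acceptable for authentication; it is the issuer match in each rule, with a default deny behind it, that keeps an IoT certificate out of the BYOD result.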


2 Replies

ognyan.totev
Level 5

Yes it is, look here: ISE Certificate Authority (CA)
