Hi All,
I'm currently designing an ISE deployment that will use EAP-TLS authentication with Microsoft CA-assigned certificates, and I want to clarify the behaviour when the client certificate expires. Does ISE carry out basic checks such as certificate expiry, etc.? If so, what is the best solution to identify expired certificates and allow clients to connect to a remediation network to renew the certificate?
Ideally, we would configure AD to automatically renew expiring certificates early; however, we have a large number of users outside of the office who do not regularly connect to the VPN/LAN, so their certificates may expire, resulting in failed authentication when they do return to the office.
Should this be a concern?
Thank you