2 Replies Latest reply: Oct 6, 2017 11:45 AM by kthiruve RSS

ISE internal CA management

rovargas

Is there any way to access/manage the ISE CA issued certificates via API/CLI? API seems to support just managing the Certificate template, but not the issued certificates.

 

Also, when ISE CA issues a certificate, is there any way to get a notification to an admin before the issued certificate expires?

 

Thanks in advance

  • 1. Re: ISE internal CA management
    hslai

    End Point Certificates API is there to create/issue certificates.

    No notification to an admin before the issued certificates expire. However, we may redirect the sessions to a guest portal to go through BYOD again when the certificates are close to expire.

  • 2. Re: ISE internal CA management
    kthiruve

    Please see the alarm section on Certificate expiration and endpoint certificate expiry for details.

    You can configure Alarms in ISE to send a notification (Administration>System>Settings-->Alarm Settings), edit the alarm, go to alarm configuration or alarm notification to send email/syslog notification when these are generated.

    Those are the only options available in ISE, as Hsing pointed out I don’t think you have notifications before endpoint certificate expiry however for general deployment certificate expiration we have options.

     

    In your authorization policy you can also create authorization conditions with Days to expiry and redirect to a portal

     

    -Krishnan