I'm having an issue with the Proxy SCEP function of ISE. I'm basing my config on the BYOD CVD.
I'm able to enroll an iPAD towards my CA, but when checking the issued certificate Common name or SAN, I can only see the NDES service account username/email on the certificate. According to the consulted documentation I was expecting to have a reference to either the mac address of the device to which the certificate was generated for or towards the username that triggered the enrollment request. None of those appear on the visible fields of the certificate.
Nevertheless while debugging the authentication flow, I do see that the Username is the NDES Service Account, but the RADIUS Username is the actual username of the user that triggered the device enrollment.
Can anybody let me know if this is expected behaviour, and how should the certificate be properly generated, and how to configure either the certificate template to this/ISE?
I ran into this issue when I was configuring this feature, I didnt get the mac address in the attributes list of the cert, but I was able to modify the template in the screenshot attached so that the certificate generated was the username of the authentication request:
I hope this helps!
*Please rate helpful posts*