Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco ISE and PEAP CERT

Any one know where you load the CA Certiricate for PEAP if you use ISE as a radius server ?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
3 ACCEPTED SOLUTIONS

Accepted Solutions
Silver

Cisco ISE and PEAP CERT

Hello George,

Refer to:

Adding a Certificate Authority Certificate

http://www.cisco.com/en/US/partner/docs/security/ise/1.0.4/user_guide/ise10_man_cert.html#wp1053515

Step 1 Choose Administration > System > Certificates.

Step 2 From the Certificate Operations navigation pane on the left, click Certificate Authority Certificates.

The Certificate Authority Certificates page appears.

Step 3 Click Add.

Hope this helps.

Regards.

Cisco Employee

Cisco ISE and PEAP CERT

You need to select Administration->System-Certificates->Local Certificates

Add the certifcate you want to use. When adding select the following option under Protocol "EAP: Use certificate for EAP protocols that use SSL/TLS tunneling"

This will define the server certificate to be used for PEAP protocols

Silver

Cisco ISE and PEAP CERT

George,

Jonny provided the section to install the ISE "Identity Certificate" issued by a CA for the ISE itself. I provided the section to install the Certification Authority (Root) certificate. Adding the clarification to avoid any confusion.

Regards.

8 REPLIES
Silver

Cisco ISE and PEAP CERT

Hello George,

Refer to:

Adding a Certificate Authority Certificate

http://www.cisco.com/en/US/partner/docs/security/ise/1.0.4/user_guide/ise10_man_cert.html#wp1053515

Step 1 Choose Administration > System > Certificates.

Step 2 From the Certificate Operations navigation pane on the left, click Certificate Authority Certificates.

The Certificate Authority Certificates page appears.

Step 3 Click Add.

Hope this helps.

Regards.

Cisco Employee

Cisco ISE and PEAP CERT

You need to select Administration->System-Certificates->Local Certificates

Add the certifcate you want to use. When adding select the following option under Protocol "EAP: Use certificate for EAP protocols that use SSL/TLS tunneling"

This will define the server certificate to be used for PEAP protocols

Silver

Cisco ISE and PEAP CERT

George,

Jonny provided the section to install the ISE "Identity Certificate" issued by a CA for the ISE itself. I provided the section to install the Certification Authority (Root) certificate. Adding the clarification to avoid any confusion.

Regards.

Cisco ISE and PEAP CERT

Can you guys offer any supplemental material for configuring ISE for wireless only? The main config guide is ok, but to much fluff.

Thanks guys

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Re: Cisco ISE and PEAP CERT

Did anyone install a third party cert and not have that stupid error popup saying Terminate/Connect

thank you

I'm tired of this windows thingy, eventhough i do everything correctly it still pops up with that error.

New Member

Re: Cisco ISE and PEAP CERT

Alright, I've been able to create my own CA in win2008 and ubuntu server aswell ( I was so desperate about this cert thing on windows 7 where it popped up that terminate/connect error that i had to create all that)

Anyway the scenario is using third party cert.

**The domain name doesn't have to match ISE domain name for PEAP Authentication** (so i used my guest webpage ssl cert)

Now windows 7 computers that are a part of a domain/workgorup using native wireless client would still get that error no matter what, even if you add the root cert as a trusted authority in cert list and all that, even third party ones.

Seems like a windows7 bug and here is the workaround:

http://support.microsoft.com/kb/2518158 

I just did that for root ca and intermediate ca from third party ca (goddady in my case) - I did test it with windows server ca and also with ubuntu server ca (yes i did test alot )

Hope it helps someone as it was driving me crazy

New Member

Cisco ISE and PEAP CERT

I am also looking for documentation on how to configure ISE just for wireless. Any help would be greatly apprecaited. Especially with machine authentication using certificates.

Thanks,

C

New Member

Cisco ISE and PEAP CERT

Hello Chris,

For wireless configuration, You may download  Trustsec “Universal Wireless Configuration” from the following location:
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf

For machine authentication, review the chapter 5 "Managing External Identity Source"
Additionally, ISE 1.1.x user guide is available at this location:
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_user_guide.html

3452
Views
0
Helpful
8
Replies