Cisco Support Community
New Member

ISE certificate differentiation

Hello All,

I am trying to create different access policies for users in ISE based on which particular certificate a user may have. Corporate owned devices will have a certificate from a local CA while non-owned devices will have a certificate from a public CA. Is it possible to create a policy where a device with a local certificate will match policy A and a device with a public certificate will match policy B? If so, how do I create these policies? Thanks for any help!

1 ACCEPTED SOLUTION

Cisco Employee

Since you're using 2 different CAs, it would be easy to determine the differentiating factor. In the authz rule, when you add a condition ("select a new condition"), you will see attributes under certificate to select and create 2 rules.

You may also refer to the link listed below if needed.

"BYOD-How-To-Certificates for Differentiated Access"
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod_certificates.pdf

Regards,

Jatin Katyal

*Do rate helpful posts*

New Member

Thanks Jatin,

We are running v1.1 and the options to match against a certificate issuer are not available, but it was pointed out to me that they are available in v1.2.  We will upgrade and we should be able to create the authz policies that you mentioned.
