Cisco Support Community
New Member

ISE with two PKI enterprise servers

Hi,

I have to install Cisco ISE for one of my customers.

This customer has two enterprise PKIs.

One PKI delivers a certificate for a group of users and the second PKI delivers a certificate for the other users.

In this case, what should I do? Do I need to add the two enterprise PKI certificates in each Cisco ISE? Does the ISE need to have two certificates, one from each PKI server?

What I have already done is configure Cisco ISE with only one enterprise PKI.

Guy charles

3 REPLIES

Re:ISE with two PKI enterprise servers

Do both user groups trust each of the enterprise CA certs?

Are the two user groups in the same AD environment and are you planning on differentiated access based on AD groups?

Also, you will need to import the root and intermediate CA from both environments and select trust for client authentication.


Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
New Member

ISE with two PKI enterprise servers

Do both user groups trust each of the enterprise CA certs?

No, but I can ask the customer to do it if it is the right solution.

Are the two user groups in the same AD environment and are you planning on differentiated access based on AD groups?

The two user groups are in the same AD environment. Yes, I am planning to do access based on AD groups.

Re:ISE with two PKI enterprise servers

The reason I asked if both PKI groups trusted one another is because of certificate validation. ISE only allows you to use 1 certificate for the EAP interface and it will need to be trusted by both groups.

Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
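
The two trust checks discussed in this thread, reproduced offline with throwaway openssl CAs. This is an added example, not part of any post and not ISE configuration; the names `pki-a`, `pki-b`, `user-a`, `user-b` and `ise-eap` are hypothetical, and the EAP certificate is assumed to be issued by the first PKI.

```shell
#!/usr/bin/env bash
# Constructed lab: throwaway roots "pki-a" and "pki-b" stand in for the two
# enterprise PKIs; all names are hypothetical. Requires the openssl CLI.
set -eu
lab=$(mktemp -d); trap 'rm -rf "$lab"' EXIT

make_ca() {    # $1 = CA name; self-signed root (CA:TRUE from default openssl.cnf)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$lab/$1.key" -out "$lab/$1.pem" 2>/dev/null
}
issue() {      # $1 = issuing CA, $2 = subject CN of the leaf certificate
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$lab/$2.key" -out "$lab/$2.csr" 2>/dev/null
  openssl x509 -req -in "$lab/$2.csr" -CA "$lab/$1.pem" -CAkey "$lab/$1.key" \
    -CAcreateserial -days 1 -out "$lab/$2.pem" 2>/dev/null
}
chains_to() {  # $1 = trust bundle, $2 = leaf CN; status 0 only if the chain validates
  openssl verify -CAfile "$lab/$1.pem" "$lab/$2.pem" >/dev/null 2>&1
}
show() {       # print the verdict for one (trust bundle, certificate) pair
  if chains_to "$1" "$2"; then echo "trust=$1 cert=$2: accepted"
  else echo "trust=$1 cert=$2: REJECTED"; fi
}

make_ca pki-a; make_ca pki-b
issue pki-a user-a     # client certificate, first user group
issue pki-b user-b     # client certificate, second user group
issue pki-a ise-eap    # the one EAP server certificate (issued by pki-a here)
cat "$lab/pki-a.pem" "$lab/pki-b.pem" > "$lab/both.pem"

echo "ISE side (client authentication):"
show pki-a user-a; show pki-a user-b   # only one PKI imported: group B fails
show both  user-a; show both  user-b   # both roots imported: both groups pass

echo "Supplicant side (validating the EAP certificate):"
show pki-a ise-eap   # group A already trusts the issuer
show pki-b ise-eap   # group B rejects it until it also trusts pki-a
show both  ise-eap   # group B after adding pki-a to its trust store
```
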