Cisco Support Community

Multiple Client certificates

Dilemma: We have Comodo certs for our users, but the only thing missing from the certificate is Principal Username, so I can't use it to authenticate my users. I don't want to reissue all the certificates as that would be too costly.

So I tried using multiple certificates. I set up a GPO to enroll my machines and users. That works. I set up a Certificate Authentication Profile, source sequence, condition, etc. Created my policies, and everything worked as it should using the certs published internally.

Issue: When I used a test user (myself) who has 2 certificates, the authentication fails. BUT it doesn't fail all the time! I have 2 PCs running the same build, on the same switch on different ports. I can log in successfully on one, but not the other. I've removed the Comodo certificates and both PCs authenticate fine. I put them back on and I get the same results. I've been reading that if ISE gets multiple certificates it does a search and takes the good one. I don't see why this would work for one PC, and not the other.


Patch Information: 2

I'm opening a TAC, but curious to know what others think.
