
ISE subordinate CA

Guys,

Having a lot of bother with getting ISE to work with a subordinate CA. We are implementing a wireless proof of concept for our customer using ISE as the security element.

The customer would rather not change any settings on the root CA and would like to use a sub CA for SCEP. I'm not sure what the setup should look like with the root and sub CA.

Should ISE be signed by the sub CA if we are using the sub for SCEP? Or can we point the SCEP server to the root when setting up the NDES service on the SCEP server?

At the minute the ISE node is signed by the root CA. When I add the sub as the SCEP server it submits successfully, but I receive NDES errors and prompts from Apple devices saying the response from the SCEP server is incorrect. I can post any errors if that helps. Just looking for guidance as I have no real experience with certs at all. Thanks

      

Update: Error on the SCEP server is:

The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80090005). Bad Data.
