Cisco ISE Active Directory Certificate Template

This post looks at configuring a Windows Active Directory CA server with a certificate template for use with ISE that enables both the ‘client authentication’ and ‘server authentication’ extended key usages.

ISE AD Topology

We have a simple network topology with a single ISE node, single Windows server, and a single Windows client machine.

MMC

Open the MMC (I did this logged into the DC as Administrator) and add the Certificate Templates, Certificates – Current User, and Certificate Authority snap-ins.

MMC CA/Certificate Snapins

Add a Certificate Template

Click on the Certificate Templates snap-in, right-click the default Web Server template and select ‘Duplicate’. Change the name of the template in the General tab. On the ‘Extensions’ tab, edit Application Policies and add both Client Authentication and Server Authentication.

Certificate Template Application Policies

Issue the Certificate Template

Select the CA snap-in, right-click Certificate Templates and then choose New -> Certificate Template to Issue. Select the ISE certificate template you have just created.

New Certificate Template To Issue

The template should now be available when accessing the AD certificate services web page. Select the option to submit an advanced certificate request:

Advanced Certificate Request

The new ISE template should appear in the ‘Certificate Template’ drop-down. CSRs generated from ISE should be requested using this template:

Submit CSR
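
Once the CA has issued the certificate, it is worth confirming that it really carries both application policies before importing it into ISE. The script below is an added example, not part of the original post; the file name `ise-node.cer` and the function name `Test-IseCertificateEku` are assumptions for illustration.

```powershell
# Added example (not from the original post): check that a certificate issued
# from the duplicated template carries both EKUs before importing it into ISE.
param(
    # Assumed file name for the certificate downloaded from the CA web page.
    [string]$Path = '.\ise-node.cer'
)

# EKU OIDs that the template's Application Policies should have produced.
$RequiredEku = [ordered]@{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

function Test-IseCertificateEku {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # 2.5.29.37 is the Enhanced (Extended) Key Usage extension.
    $raw = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $present = @()
    if ($raw) {
        # Decode explicitly so the check does not depend on how the extension was loaded.
        $eku = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]::new($raw, $raw.Critical)
        $present = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # One row per required purpose; a certificate with no EKU extension reports both as absent.
    foreach ($oid in $RequiredEku.Keys) {
        [pscustomobject]@{
            Oid     = $oid
            Purpose = $RequiredEku[$oid]
            Present = $present -contains $oid
        }
    }
}

# .NET resolves relative paths against the process directory, so pass a full path.
$fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
$cert     = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)
$result   = @(Test-IseCertificateEku -Certificate $cert)

"Subject: $($cert.Subject)"
$result | Format-Table -AutoSize

if ($result.Present -contains $false) {
    Write-Error 'Certificate is missing a required EKU; re-check the template Application Policies.'
    exit 1
}
```

A missing row usually means the CSR was submitted against the stock Web Server template rather than the duplicated one.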
