Step 1: download your Root CA certificate, depending on your setup this step may vary
- In this example my certificate authority will be my home labs windows 2008 server, it is assumed that you have access to a CA server or signed CA certificate already
Step 2: ISE use .pem format for its certificates, the Windows CA cert is a .cer format so we are required to changed the format, to do this I will be using Openssl as I am using a Apple MAC which comes standard if using windows you will required to download the file.
- In Terminal or what ever application you are using go to the location of where you have stored the certificate and enter the following command
“openssl x509 -inform der -in cacert.cer -out isecacert.pem”
Step 3: Import the signed CA cert into ISE
- Click on administration>system>certificates>trusted certificates
- Click on Import
- Select the CA certification “isaca.pem”
- Once CA Certificate has been selected, clicked on the following 3 boxes to support EAP-TLS based authentication
- Click submit
The Windows server CA certificate will now appear in the Trusted Certificates list.