9 Replies Latest reply on Jul 21, 2020 10:02 AM by Ramkumara11

    Microsoft CA Certificate Wifi Acces & Cisco ISE (ADCS via DCOM / NDES via SCEP ?!?)

    sbenkel Novice

      Hi everybody.


      i´m struggling with the task to set up Certificate based authentication with a Microsoft Root CA and cisco ISE as the authenticator - never done something like this before.


      The goal is the following:

      Certificate based authentication of the mobile devices over the cisco ISE Cluster as an authenticator with Airwatch & Microsoft CA.

      I just want to implement a simple certificate based authentication with a root ca + a device based certificate?


      Now i read a lot about ADCS via DCOM and NDES via SCEP and so on but im not sure which technology or setting i should use for my usecase.



      AD CS via DCOM

      NDES via SCEP


      What steps should be done to achive a certificate based wifi authentication like planned?

      1.   In each case i need a Microsoft certifcate authority (CA)

      2.   Duplicate/Create a Certificate Template in the CA + activate it

      3.   Configure CA and the certificate template in WS One so that Workspace ONE UEM can retrieve a certificate from a CA

      4.  Configure the certificate template (request template) in Airwatch


      I have seen different setings for certificates:

      In the Profile Settings (IOS/Android) i can configure Credentials Payload


      Also in the Wi-Fi Paylod in the Profile Settings i can add Trusted Server Certificate Names and see Trusted Certificates.


      Im not sure how everything works together and which configuration is rearly neccesary. I´m still on research for everything but maybe someone done this before and could give me a push in the right direction? I already read the existing postings to this topic but couldn´t figure out the right information.


      If someone has some experience and is willing to share with me than i would realy be thankful for!


      Cheers and thanks a lot