Certificate Issuance

ISE Server Certificate

Issue admin/EAP certificate:

vault write pki_int/issue/domus-server \
  common_name="ise-01.inside.domusdigitalis.dev" \
  alt_names="ise-01" \
  ttl="8760h"

Client Certificates

Issue for 802.1X clients:

vault write pki_int/issue/domus-client \
  common_name="hostname.inside.domusdigitalis.dev" \
  ttl="8760h"

Import to ISE

  1. Export certificate and key from Vault output

  2. Navigate to Administration > System > Certificates > System Certificates

  3. Click Import

  4. Select certificate and key files

  5. Assign to Admin and EAP roles

Related

See Vault PKI Cert Issuance (infra-ops) for complete procedure.