ERS Certificate Profiles

Synopsis

netapi ise get-cert-profiles [OPTIONS]
netapi ise get-cert-profile <NAME>
netapi ise create-cert-profile <NAME> [OPTIONS]

Commands

get-cert-profiles

List all certificate authentication profiles.

netapi ise get-cert-profiles
netapi ise get-cert-profiles --format json

Sample Output

Name                    Description                              Attribute
----                    -----------                              ---------
AD_Cert_Profile         AD certificate authentication            SUBJECT_COMMON_NAME
Windows_Cert_Profile    Windows machine certificates             SUBJECT_COMMON_NAME

get-cert-profile

Get specific certificate profile details.

netapi ise get-cert-profile AD_Cert_Profile

create-cert-profile

Create a new certificate authentication profile.

netapi ise create-cert-profile Machine_Cert \
  --desc "Machine certificate authentication" \
  --attr SUBJECT_COMMON_NAME

EAP-TLS Configuration

Certificate profiles are used in authentication policies for EAP-TLS:

Authentication Policy:
  Condition: EapAuthentication EQUALS EAP-TLS
  Identity Source: AD_Cert_Profile
  If Auth Fail: REJECT
  If User Not Found: REJECT