Generate pxGrid certificate
1. In the ISEUI, click the (Menu) icon and choose Administration > pxGrid Services
> Client Management > Certificates.
2. In the I want to drop-down list, select Generate a single certificate (without a
certificate signing request).
3. In the Common Name (CN) field, enter a name for the sensor, example sca_sensor.
4. In the Certificate Download Format drop-down list, select Certificate in Private
Enhanced Electronic Mail (PEM) format, key in PKCS8 PEM format (including
certificate chain).
5. In the Certificate Password field, enter a temporary (single-use), strong certificate
password to encrypt the private key.
6. Click Create to download a ZIP archive with the certificate and encrypted private
key.
l
The Common Name does not have to match the sensor name. The name is
visible on the pxGrid clients list when you go to Administration > pxGrid
Services > Client Management > Clients.
l
PxGrid requests will fail if there is another pxGrid client with the same
name registered to ISE already.
l
You should not generate more than one certificate with the same Common
Name. During certificate renewal, go to Administration > pxGrid
Services > Client Management > Clients and remove the existing pxGrid
client. Then you can generate a new certificate with the same Common
Name.
Enable Secure Cloud Analytics Sensor for ISE
1. Log in to the Secure Cloud Analytics web portal.
2. Go to Settings >Integrations >ISE.
3. Select the sensor you want to configure with ISE.
4. In the Certificate password field, use the password created in step 5 of the
previous section.
5. Upload the ZIP file downloaded in step 6 of the previous section.
6. Click Submit. After successfully configuring the integration, the sensor status icon
turns green. This may take up to 30 minutes and depends on the ISE session
© 2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 11 -
Integrating with ISE