Recently I learned that DNA could be used as sub-CA for the network components. I would like to know if there is any extra advantage to using DNA as a sub-CA, and if it is, then would someone share some documentations where it elaborately explains the benefit?
The other question that to change DNA's self-signed certificate. As far as I know, it is always a best practice to change the self-signed certificate, and I want to share that ISE is already productive in our network environment, where it uses the certifcates from our CA. Still, our Cisco partner says replacing the self-signed certificate in DNA is unnecessary. So would you share your thought about it?
I appreciate any help you can provide.