02-18-2017 11:31 PM
Hi
I am in the process of deploying ISE 2.2 waiting for the hardware delivery. I am thinking of using the Wild Card certificate from Digicert issues to my organisation. Can I use the same certificates or do I need to ask my System team to build an internal CA server?
One advantage I could see to use internal CA servers is the validity of the certificate can be for 10 years where as if I go with a wild card certificate I will be restricted to the validity of the certificate.
I just want to know what would be the best approach when it come certificates for ISE.
Cheers
Yasir
Solved! Go to Solution.
02-19-2017 12:37 PM
If not already done, take a look at How To: Implement ISE Server-Side Certificates and other articles on Certificates / Private Key Infrastructure (PKI)
You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your use base like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they unlikely already trust your enterprise CA.
02-19-2017 12:37 PM
If not already done, take a look at How To: Implement ISE Server-Side Certificates and other articles on Certificates / Private Key Infrastructure (PKI)
You should be able to do either or a mix of the two, but it's down to what ISE services you would deploy and what your use base like. For example, it would work great to use wild-card certificates for ISE guest services, as your visitors' devices would probably get prompted to accept certificates as they unlikely already trust your enterprise CA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide