cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1198
Views
0
Helpful
5
Replies

Cons and Pros for using ISE CA authority instead of internal standalone CA authority

imihajlo
Cisco Employee
Cisco Employee

Hello,

Could you please let me know do we have any whitepaper/document around when we should consider using ISE built-in CA authority?

What are cons and pros for that - if any?

Specially in the environments when we already have deployed internal CA authority in the intranet.

Are there any considerations we should have in mind then if we should use CA on ISE or internal standalone CA?

Many Thanks

Ivana

1 Accepted Solution

Accepted Solutions

Yes recommend internal

Closed loop meaning everything in one software. ISE has everything you need. Why would you complicate by adding more pieces

View solution in original post

5 Replies 5

umahar
Cisco Employee
Cisco Employee

I use Internal CA on ISE when using BYOD.

For use cases like EAP-TLS for workstation better to use internal CA.

Internal ca should be used for the following reasons.

It’s built in

On out of box

Closed loop

Easy to configure and troubleshoot

ISE management of all pieces of clients doing cert auth

Hello Jason,

If I understand you well (apologies if not) you are recommending built-in CA in ISE?

What do you please imply with “closed loop” ?

Many Thanks

Ivana

Ivana Mihajlovic

Customer Success Manager

Cisco CCIE Security, ISC2 CISSP, ISC2 CCSP, AWS Certified Solution Architect - Associate, TOGAF 9, ITIL, Proact BOST Bronze, Master Project Management

Cisco Systems, Inc.

Pegasus Parc De kleetlaan 6a

DIEGEM 1831 Belgium

imihajlo@cisco.com

Yes recommend internal

Closed loop meaning everything in one software. ISE has everything you need. Why would you complicate by adding more pieces

Thanks Jason

Regards

Ivana

Ivana Mihajlovic

Customer Success Manager

Cisco CCIE Security, ISC2 CISSP, ISC2 CCSP, AWS Certified Solution Architect - Associate, TOGAF 9, ITIL, Proact BOST Bronze, Master Project Management

Cisco Systems, Inc.

Pegasus Parc De kleetlaan 6a

DIEGEM 1831 Belgium

imihajlo@cisco.com

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: