06-07-2019 06:53 AM
Is there any impact of disabling internal CA in a distributed cluster if we are not using internal CA to issue any certs to endpoints or for any other pxGrid clients ?
I know a distributed cluster has its own PKI hierarchy starting with root CA from PAN.
Is there any impact to adding new nodes after disabling internal CA ?
Solved! Go to Solution.
06-09-2019 04:29 PM
The others are correct if the ISE deployments are of ISE 2.4 or prior.
In ISE 2.6 distributed deployments, ISE internal CA is also used to issue certificates for ISE Messaging Service (which provides ISE Light Session Directory) so we should not disable it.
06-07-2019 10:18 AM
06-07-2019 10:55 AM
06-07-2019 11:34 AM
06-09-2019 04:29 PM
The others are correct if the ISE deployments are of ISE 2.4 or prior.
In ISE 2.6 distributed deployments, ISE internal CA is also used to issue certificates for ISE Messaging Service (which provides ISE Light Session Directory) so we should not disable it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide