cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
992
Views
1
Helpful
2
Replies

Is there a limit to how many CA Server Cert's can be used?

algoldst
Cisco Employee
Cisco Employee

Here is the scenario:

50 different AD domains.

We know that ISE can support up to 50 AD domains however this is not the issue we are concerned about.

What concerns us is that each one of those 50 domains has a separate Microsoft CA / PKI environment and the client wants to perform certificate based authentication for all endpoints from all of the 50 AD domains.

I've skimmed through the 'Managing Certificates' chapter of: http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21.pdf

There does not seem to be any indication as to a limit of certificates, so then does the limit fall in the number of AD Forest that are supported (50)? You just need to pull the cert onto ISE from each CA in each forest?

Let's make the assumption whether domains or forest that there is NO two way trust.

1 Accepted Solution

Accepted Solutions

kthiruve
Cisco Employee
Cisco Employee

Hi Alex,

There is no validated limit to the number of CA. As long as the CA root cert and/or intermediate certificate in the Trusted certificate section for the right set of services such as EAP, Admin etc, the client certificate will be validated. The AD domains ISE support can be in a single or multiple forests.

For ISE performance metrics, please see ISE Performance & Scale community page.

Thanks

Krishnan

View solution in original post

2 Replies 2

kthiruve
Cisco Employee
Cisco Employee

Hi Alex,

There is no validated limit to the number of CA. As long as the CA root cert and/or intermediate certificate in the Trusted certificate section for the right set of services such as EAP, Admin etc, the client certificate will be validated. The AD domains ISE support can be in a single or multiple forests.

For ISE performance metrics, please see ISE Performance & Scale community page.

Thanks

Krishnan

If asking the max # of Trusted Certs, here are the numbers:

Maximum # User Certificates    1M

Maximum # Server Certificates    1000

Maximum # Trusted Certificates    1000

/Craig

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: