Is there any documentation stating that ISE 2.1 doesn't support RSASSA-PSS certificates? I found multiple cases where customers needed to change the algorithm to have certificate usable, despite the fact that was shared earlier, that particularly ISE 2.1 will support it.
ISE 2.1 supports it for trusted certificates and endpoint certificates for EAP-TLS authentications. The certificate hierarchy is currently displaying the signature algorithm as 1.2.840.113518.104.22.168. An internal bug is filed on that. Doc might need updating.