- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2016 06:57 PM
What is the preferred method for admin certificates in a multi-node deployment:
1) Single cert with multiple SAN for each node
2) Shared certificate with multiple SAN among all nodes
Should I create different cert for each node or just share a single cert among all nodes?
Thanks
Sam
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2016 07:29 PM
Please read How To: Implement ISE Server-Side Certificates if not already done.
The choice is usually governed by the organization policies. Option 1 is more secure. Option 2 is more convenient and works better in some cases. For example, Apple iOS and macOS devices will ask to accept the EAP server certificate if not seen before, when performing an ad-hoc connection with PEAP/MSCHAPv2.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2016 07:29 PM
Please read How To: Implement ISE Server-Side Certificates if not already done.
The choice is usually governed by the organization policies. Option 1 is more secure. Option 2 is more convenient and works better in some cases. For example, Apple iOS and macOS devices will ask to accept the EAP server certificate if not seen before, when performing an ad-hoc connection with PEAP/MSCHAPv2.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2016 08:29 PM
Understood. Thank you.
