Solved: Re: ISE Certificates in a multi-node deployment

scamarda · ‎11-09-2016

What is the preferred method for admin certificates in a multi-node deployment:

1) Single cert with multiple SAN for each node

2) Shared certificate with multiple SAN among all nodes

Should I create different cert for each node or just share a single cert among all nodes?

Thanks

Sam

hslai · ‎11-09-2016

Please read How To: Implement ISE Server-Side Certificates if not already done.

The choice is usually governed by the organization policies. Option 1 is more secure. Option 2 is more convenient and works better in some cases. For example, Apple iOS and macOS devices will ask to accept the EAP server certificate if not seen before, when performing an ad-hoc connection with PEAP/MSCHAPv2.

View solution in original post

hslai · ‎11-09-2016

Please read How To: Implement ISE Server-Side Certificates if not already done.

The choice is usually governed by the organization policies. Option 1 is more secure. Option 2 is more convenient and works better in some cases. For example, Apple iOS and macOS devices will ask to accept the EAP server certificate if not seen before, when performing an ad-hoc connection with PEAP/MSCHAPv2.

scamarda · ‎11-09-2016

Understood. Thank you.

ISE Certificates in a multi-node deployment

SEG: Validation Error : Certificates signature verification failed

Updated SAML Certificate Web Security and ZTA is now available

UCS Director Multi-Node Deployment 5.4

UCS Director Multi-Node Deployment 5.2

2. Introducing Cisco ISE Deployment - 2.1 & 2.2