Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2145
Views
0
Helpful
2
Replies

ISE Certificates in a multi-node deployment

Go to solution
scamarda
Cisco Employee
Cisco Employee

‎11-09-2016 06:57 PM

What is the preferred method for admin certificates in a multi-node deployment:

1) Single cert with multiple SAN for each node

2) Shared certificate with multiple SAN among all nodes

Should I create different cert for each node or just share a single cert among all nodes?

Thanks

Sam

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-09-2016 07:29 PM

Please read How To: Implement ISE Server-Side Certificates if not already done.

The choice is usually governed by the organization policies. Option 1 is more secure. Option 2 is more convenient and works better in some cases. For example, Apple iOS and macOS devices will ask to accept the EAP server certificate if not seen before, when performing an ad-hoc connection with PEAP/MSCHAPv2.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-09-2016 07:29 PM

Please read How To: Implement ISE Server-Side Certificates if not already done.

The choice is usually governed by the organization policies. Option 1 is more secure. Option 2 is more convenient and works better in some cases. For example, Apple iOS and macOS devices will ask to accept the EAP server certificate if not seen before, when performing an ad-hoc connection with PEAP/MSCHAPv2.

0 Helpful

Go to solution
scamarda
Cisco Employee
Cisco Employee
In response to hslai

‎11-09-2016 08:29 PM

Understood. Thank you.

0 Helpful
Customers Also Viewed These Support Documents