Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
826
Views
1
Helpful
1
Replies

Question related to ISE certificate

Go to solution
chriscs_lam06
Level 1
Level 1

‎11-02-2016 12:07 AM

1.     Where does the endpoint certificate store if it is issued by ISE? (PSN/ADMIN node)

2.     What is the maximum number of certificate can be stored in ISE node group/per PSN?

3.     What can be done if the number of endpoint certificate reach maximum limit?

4.     If I delete an AD account, is there any way to automatically revoke the user certificate in ISE?

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-02-2016 12:08 PM

1. DB and replicated to all secondary nodes.

2. 1M

3. ISE cleans up endpoint certificates expired more than 30 days. I do not think it would be able to issue more certificates properly if limit reached.

4. No. However, you may use ISE authorization policy to validate AD group membership, which will fail in such case.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-02-2016 12:08 PM

1. DB and replicated to all secondary nodes.

2. 1M

3. ISE cleans up endpoint certificates expired more than 30 days. I do not think it would be able to issue more certificates properly if limit reached.

4. No. However, you may use ISE authorization policy to validate AD group membership, which will fail in such case.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents