11-02-2016 12:07 AM
1. Where does the endpoint certificate store if it is issued by ISE? (PSN/ADMIN node)
2. What is the maximum number of certificate can be stored in ISE node group/per PSN?
3. What can be done if the number of endpoint certificate reach maximum limit?
4. If I delete an AD account, is there any way to automatically revoke the user certificate in ISE?
Solved! Go to Solution.
11-02-2016 12:08 PM
1. DB and replicated to all secondary nodes.
2. 1M
3. ISE cleans up endpoint certificates expired more than 30 days. I do not think it would be able to issue more certificates properly if limit reached.
4. No. However, you may use ISE authorization policy to validate AD group membership, which will fail in such case.
11-02-2016 12:08 PM
1. DB and replicated to all secondary nodes.
2. 1M
3. ISE cleans up endpoint certificates expired more than 30 days. I do not think it would be able to issue more certificates properly if limit reached.
4. No. However, you may use ISE authorization policy to validate AD group membership, which will fail in such case.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: