Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3850
Views
21
Helpful
3
Replies

Types of certificate in Cisco ISE

Go to solution
servicios_ciscon2
Level 1
Level 1

‎08-01-2020 08:10 PM

Hi!

 

I am new in the ISE topic and I know there are differents kinds of certificate but I only get confused when I was looking information about each one of them.

 

Can someone help me please about what is the difference between these type of certificates?? or when we use each one of them :

 

-Server Certificate

-System Certificate

-ISE Certificate

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions
3 Replies 3

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎08-02-2020 12:16 AM

Hi,

Server Certificates are certs used by ISE functions such as EAP encryption,
WebUI, DTLS encryption, etc.

System Certificates include the CA certs (root and intermediate) that are
used to generate and sign server certificates. This is required to complete
the certificate hierarchy of a server certificate. If the certificate chain
for a server certificate is broken, it won't function correctly.

ISE certificates that are certs generated by ISE internal CA. ISE can act
as CA server and generate/ sign certificates.

**** please remember to rate useful posts

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎08-03-2020 08:47 AM

In my opinion, these are all the same.  Depends on where you are seeing these being referred to.  In the ISE GUI under Administration->System->Certificates, you will see a section for "System Certificates".  These are all the certificates assigned to each ISE node.  These are also considered server certificates.  And could also be referred to as the ISE certificates.  Again, depends on where you are seeing these terms used.  Under the "System Certificates" section, you will see multiple certificates assigned to ISE and used for different purposes such as EAP, Admin, Portal, DTLS, etc.

If you then go to Administration->System->Certificates->Trusted Certificates, you will see all of the Certificate Authority (CA) certificates that ISE will trust.  So if you have clients that will be authenticating to ISE using certificates that were issued by your organization's CA/PKI server, then you will need to have that server's Root CA and Intermediate CA certificates installed there and trusted for client authentication.

Hope that helps.

Customers Also Viewed These Support Documents