Showing results for 
Search instead for 
Did you mean: 
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Types of certificate in Cisco ISE



I am new in the ISE topic and I know there are differents kinds of certificate but I only get confused when I was looking information about each one of them.


Can someone help me please about what is the difference between these type of certificates?? or when we use each one of them :


-Server Certificate

-System Certificate

-ISE Certificate



VIP Advisor

Re: Types of certificate in Cisco ISE


Server Certificates are certs used by ISE functions such as EAP encryption,
WebUI, DTLS encryption, etc.

System Certificates include the CA certs (root and intermediate) that are
used to generate and sign server certificates. This is required to complete
the certificate hierarchy of a server certificate. If the certificate chain
for a server certificate is broken, it won't function correctly.

ISE certificates that are certs generated by ISE internal CA. ISE can act
as CA server and generate/ sign certificates.

**** please remember to rate useful posts
Cisco Employee

Re: Types of certificate in Cisco ISE

Rising star

Re: Types of certificate in Cisco ISE

In my opinion, these are all the same.  Depends on where you are seeing these being referred to.  In the ISE GUI under Administration->System->Certificates, you will see a section for "System Certificates".  These are all the certificates assigned to each ISE node.  These are also considered server certificates.  And could also be referred to as the ISE certificates.  Again, depends on where you are seeing these terms used.  Under the "System Certificates" section, you will see multiple certificates assigned to ISE and used for different purposes such as EAP, Admin, Portal, DTLS, etc.

If you then go to Administration->System->Certificates->Trusted Certificates, you will see all of the Certificate Authority (CA) certificates that ISE will trust.  So if you have clients that will be authenticating to ISE using certificates that were issued by your organization's CA/PKI server, then you will need to have that server's Root CA and Intermediate CA certificates installed there and trusted for client authentication.

Hope that helps.