Cisco ISE system certificates are server or entity certificates that validate a Cisco ISE node in inter-node communication and to end users such as guest and device portal. System certificates are :

·       Admin

·       EAP Authentication

·       RADIUS DTLS

·       Portal

·       SAML

·       pxGrid

By default, two self-signed certificates and two signed by the internal Cisco ISE CA are created on a Cisco ISE node during installation .

In standalone deployment, after installation, Cisco ISE is provisioned for Internal CA Service with a Root CA certificate, two intermediate CA certificates and one server certificate .

In the attached document I detailed these two types of certificates and the purpose.