Showing results for 
Search instead for 
Did you mean: 
Cisco Community November 2020 Spotlight Award Winners

Internal Certificate Authority (CA) to Deploy Certificates to Cisco Platform Exchange Grid (pxGrid) Clients


This document is intended for Cisco Engineers, partners and customers using Cisco Identity Services Engine (ISE) internal Certificate Authority (CA) for deploying Cisco platform Exchange Grid (pxGrid) certificates to pxGrid clients.  Using the ISE internal CA authority for deploying pxGrid client certificates eases certificate deployment by using ISE as the internal CA authority and not requiring an external CA server.


NOTE: This document was generated using ISE 2.2 but should work with most higher releases. Remember to stick with the current recommended release


The ISE internal CA generates certificates with or without certificate signing requests (CSR) and downloaded in Privacy Enhanced Mail (PEM) format or Public-Key Cryptography Standards (PKCS12) or Privacy Enhanced Mail (PEM) format.  Bulk download certificates can also be generated.

This document describes the procedure for configuring the ISE certificate provisioning portal and provides use-case examples for generating and issuing the pxGrid certificates for the following pxGrid clients:


Note: Please check with your service provider on recommended solutions, this guide is not meant to cover everything but it does show some examples


  • Security solutions using java keystores (can be used for Splunk)
  • Cisco Firepower 6.2, 6.1
  • Stealthwatch 6.9
  • Cisco Web Security Appliance 9.0.1 build 162
Frequent Contributor


Content for Community-Ad