I have a customer that is migrating from an existing external CA to a new external CA. They're currently using their existing CA for EAP-TLS and they want to add the new CA to ISE, so essentially authenticate with both CAs during the migration. Can they just add the cert chain for the new CA, generate and sign a CSR, import the new cert, and mark it to be used for authentication? Is there anything else that needs to be done or any design considerations that they need to be aware of?
... View more