You are here
SEC0030 - ISE 1.1 Node Registration with Self-Signed Certificate
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video demonstrates how to register a Policy Service node to a primary Admin node using self-signed certificate. The same process applies to registering a secondary Admin node. This step is required when implementing an ISE distributed design for high scalability. The other option is to use trusted CA-signed certificate, which will be looked at in a separate video.
Pros
- PKI is not required
- Fast deployment
Cons
- Certificate is not trusted by client during authentication
- Certificate re-install to all nodes is required after each certificate expiration and renewal
Tag:
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
2 comments
Node group
WE MOVED ONE NODE TO NODE GROUP- POLICY NODE.
NOW ADMIN NODE IS IN WHICH GROUP- IS IT IN SAME GROUP I MEAN NODE GROUP 1
Node group
Node group makes PSNs communicate more efficiently and it is not really for Admin or Monitoring nodes.