You are here
SEC0031 - ISE 1.1 Node Registration with CA-Signed Certificate
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video demonstrates how to register a Policy Service node to a primary Admin node using CA-signed certificate. The same process applies to registering a secondary Admin node. This step is required when implementing an ISE distributed design for high scalability. This method is preferable over self-signed certificate.
Pros
- Node certificate is automatically trusted by clients assuming their trust the same root CA
- Renewed certificate requires to only be installed on owning node
Cons
- PKI (internal or external) is required
Tag:
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.