What steps must you perform to deploy a CA-signed identify certificate on an ISE device?

– by 6

What steps must you perform to deploy a CA-signed identify certificate on an ISE device?
A. 1. Download the CA server certificate.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the ISE.
B. 1. Download the CA server certificate.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the CA server.
C. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate.
3. Access the ISE server and submit the CA request.
4. Install the issued certificate on the CA server.
D. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the ISE.

cisco-exams

6 thoughts on “What steps must you perform to deploy a CA-signed identify certificate on an ISE device?

  1. Correct Answer might be A

    Step 1 Create the Certificate Signing Request for Wildcard Certificates. See Creating a Certificate Signing Request for Wildcard Certificates.

    Step 2 Export the Certificate Signing Request. See Exporting the Certificate Signing Request.

    Step 3 Submit the Certificate Signing Request to a Certificate Authority. See Submitting the CSR to a Certificate Authority.

    Step 4 Import the Root Certificates to the Certificate Store. See Importing the Root Certificates to the Certificate Store.

    Step 5 Bind the Certificate Signing Request with the new public certificate. See Binding the CSR With the New Public Certificate.

    Step 6 Export the CA-Signed Certificate and Private Key. See Exporting the CA-Signed Certificate and Private Key.

    Step 7 Import the CA-Signed Certificate and Private Key in to all the Policy Service nodes. See Importing the CA-Signed Certificate to the Policy Service Nodes.

    https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_e_man_cert.html#84328

    Reply

    1. Actually D might be closer, but in reality both procedures A and D work and are correct. This question is just ambiguous and meant to make the candidate loose marks.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.