What steps must you perform to deploy a CA-signed identify certificate on an ISE device?
A. 1. Download the CA server certificate.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the ISE.
B. 1. Download the CA server certificate.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the CA server.
C. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate.
3. Access the ISE server and submit the CA request.
4. Install the issued certificate on the CA server.
D. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the ISE.
Correct Answer might be A
Step 1 Create the Certificate Signing Request for Wildcard Certificates. See Creating a Certificate Signing Request for Wildcard Certificates.
Step 2 Export the Certificate Signing Request. See Exporting the Certificate Signing Request.
Step 3 Submit the Certificate Signing Request to a Certificate Authority. See Submitting the CSR to a Certificate Authority.
Step 4 Import the Root Certificates to the Certificate Store. See Importing the Root Certificates to the Certificate Store.
Step 5 Bind the Certificate Signing Request with the new public certificate. See Binding the CSR With the New Public Certificate.
Step 6 Export the CA-Signed Certificate and Private Key. See Exporting the CA-Signed Certificate and Private Key.
Step 7 Import the CA-Signed Certificate and Private Key in to all the Policy Service nodes. See Importing the CA-Signed Certificate to the Policy Service Nodes.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_e_man_cert.html#84328
Actually D might be closer, but in reality both procedures A and D work and are correct. This question is just ambiguous and meant to make the candidate loose marks.
Based on joe blow’s image, I am for A.
https://i.imgur.com/S33lImS.png
answers should be verified before posting!
D is wrong.