06-06-2022, 05:54 PM
Question shows "Install an internal CA signed certificate on the Cisco ISE." as the correct answer.
The problem with this is the employees are able access the portal just fine, but the contractors cannot. This implies that an internal CA signed certificate is already installed on ISE and trusted by the employees' computers, because the internal CA root cert is installed in their trusted root certs store. The contractors' computers do not have the internal CA root cert installed in their trusted root certs store, so it shows up as untrusted.
By changing the cert on ISE from an internal CA signed certificate to a trusted third-party certificate, it will then be trusted by both the employees' and contractors' computers, because the publicly trusted certs are installed by default through security patches.
Correct answer should be "Install a trusted third-party certificate on the Cisco ISE."
The problem with this is the employees are able access the portal just fine, but the contractors cannot. This implies that an internal CA signed certificate is already installed on ISE and trusted by the employees' computers, because the internal CA root cert is installed in their trusted root certs store. The contractors' computers do not have the internal CA root cert installed in their trusted root certs store, so it shows up as untrusted.
By changing the cert on ISE from an internal CA signed certificate to a trusted third-party certificate, it will then be trusted by both the employees' and contractors' computers, because the publicly trusted certs are installed by default through security patches.
Correct answer should be "Install a trusted third-party certificate on the Cisco ISE."