Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 308

An engineer must create and sign a new certificate for all the portals in a Cisco ISE environment of a company. The company reports that wildcard certificates are blocked in the environment. Which action must the engineer take before signing the certificate?

Answer options

• A. Create a DNS AAAA record for the FQDN of the Cisco ISE Monitoring node.
• B. Add the FQDN of each portal to the SAN field in the CSR
• C. Add the FQDN of each portal to the CN field in the CSR.
• D. Create a DNS AAA record for the FQDN of the Cisco ISE Administration node.

Correct answer: B

Explanation

The correct answer is B because the Subject Alternative Name (SAN) field must list all the Fully Qualified Domain Names (FQDNs) for the portals in order to be compliant with the certificate requirements. Options A and D are irrelevant as they pertain to DNS records rather than certificate signing, while option C is incorrect since the CN field alone does not support multiple entries necessary for the different portals.