Export certificates from the ISE/ISE-PIC server for use in the Cloud-Delivered Firewall Management Center

Certificate exported from Identity Services Engine (ISE) / Identity Services Engine - Passive Identity Connector (ISE-PIC) servers enables secure authentication between the Cloud-Delivered Firewall Management Center and ISE systems.

You might need to export one, or as many as three, certificates, depending on how your ISE system is set up:

One certificate for the pxGrid server
One certificate for the monitoring (MNT) server
One certificate, including the private key, for the pxGrid client (that is, the Cloud-Delivered Firewall Management Center)

Unlike the first two certificates, this is a self-signed certificate.

These certificates are then imported into the Cloud-Delivered Firewall Management Center:

pxGrid client certificate: internal certificate with key (Objects > PKI > Internal Certs)
pxGrid server certificate: trusted CA (Objects > PKI > Trusted CAs)
MNT certificate: trusted CA