Exam 300-715 topic 1 question 209 discussion

C - Portal. The certificate that resides on the PSN isn’t issued to the BYOD devices. It is used when setting up the trusted communication between the PSN and the device. Not only will you need to apply It to the portals but you will also need it for EAP https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_0110.html#reference_3CE11FC8D0F14A3285E37D197B5646A3 Certificate Usage When you add or import a certificate in to Cisco ISE, you should specify the purpose for which the certificate is to be used: · Admin: For internode communication and authenticating the Admin portal · EAP: For TLS-based EAP authentication · RADIUS DTLS: For RADIUS DTLS server authentication · Portal: For communicating with all Cisco ISE end-user portals · xGrid: For communicating with the pxGrid controller

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ISE_26_admin_guide/b_ISE_admin_26_byod.html#task_CF674614ECA44F929F859A7229B7AF6D Add Certificates to the Device Portal If you do not want to use the default certificates, you can add a valid certificate and assign it to a certificate group tag. The default certificate group tag used for all end-user web portals is Default Portal Certificate Group.