Symptom
TLS certificate provisioning for Apple iOS devices failing because the endpoints installing "Thawte Premium Server CA" instead of "thawte primary Root CA"
Conditions
"thawte primary Root CA" imported in ISE is cross-signed by "Thawte Premium Server CA". And, ISE PSN nodes are using a certificate signed by Thawte and designated it for HTTPS/SSL use.
Workaround
Delete the existing "Thawte Premium Server CA" and "thawte primary Root CA". Import "thawte primary Root CA" from https://www.thawte.com/roots/thawte_Primary_Root_CA.pem. And, restart ISE services.
If deletion does not work, try removing HTTPS protocol assignment to thawte-signed local certificate first. Or, contact Cisco TAC for help.
Further Problem Description
