When you generate at Global Level and Import at Global Level.CA signed certificate is applicable for all the edges(1:Many Mapping).However you can explicitly create CSR of each Edge(1:1 mapping) and Import only for those edges as well. Depending upon the business use case you can create/import accordingly.
For eg: If i have multiple tenants and i'm using VSE features,i would prefer creating a separate certificate for each Edge rather doing creating CSR at Global Level and getting applied to all edges.
However for encrypting information sent to the VCNS,we will create CA singed cert of Management software as well(1:1 mapping)
Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
