Using Client Management with Single SSID and EAP-TLS...Which CA Cert Do Windows Laptops Use?

  • Updated 3 years ago
I will be using a single SSID and will enable Client Management (CM).  This SSID will be authenticating corporate users via EAP-TLS.  Corporate users will have corporate (Windows) laptops along with personal and corporate phones and tablets.  I understand that client management, when enabled, uses its own CA cert and this cert, along with the server and key, will need to be used for onboarding.  I also understand that at this point, CM is only compatible with iOS, Mac OS X, Android OS, and Chrome OS.

Without CM, I would normally set up PKI then import the CA cert, Server Cert signed by the CA, and the private key into the Aerohive AP RADIUS server.  I would then create a GPO for auto enrollment and another to deploy the wireless configuration to domain laptops.

My question is: will the CM cert be the same cert that will be used for Windows laptops? To my understanding, you can only enable one CA cert on the Aerohive AP that is acting as a RADIUS server.  So then you couldn't import a CA from your PKI to use separately for Windows laptops. So then how will you use one SSID for both onboarding mobile devices and authenticating corporate-owned laptops?
David Douglas

Posted 3 years ago

There are no replies.