Hello Airheads,
We are running Aruba 7240 controllers, and ClearPass as RADIUS server.
We are going to deploy a new SSID, where two types of devices shall be able to authenticate:
- 802.1x EAP-TLS Machine certificate authentication for domain-joined laptops (internal CA)
- 802.1x EAP-TLS Client certificate from MS Intune (internal CA)
These two client types obtain their certificates from different internal certificate authorities. The domain-joined laptops are, of course, in our Active Directory, while the devices "onboarded" in Microsoft Intune are not.
What is the best way to configure ClearPass policies for this setup?
I am thinking about using an OCSP check against the CA for authorizing the Intune devices. Is that even possible?