Hi
I have a question regarding the certificates on ClearPass subscribers.
ClearPass version 6.4.4.
Currently I configure a three node cluster with one publisher and two subscribers.
I would like to have a common name for Guest registration pages and unique names on each host for Radius.
Most of the clients are non-managed BYOD clients and only trust public CA's. A certificate from internal CA isn’t an option.
Onboarding isn't planned to be implemented.
What would be the best certificate strategy?
Option 1. One SAN enabled certificate with one CN like clearpass.domain.com for https and the FQDN for each host as SAN for the Radius service
Option 2. Unique certificates for both https and radius
Option 3 Any suggestions appreciated