Hi,
I'm trying to deploy CP with onboard, using it as an intermediate CA with a Microsoft (MS) infrastructure. The domain is a .local and I understand that it's not possible to sign the DNS names using a trusted 3rd party like Verisign.
However - I figure we should be able to sign the push and distribution certs using the internal CA, as devices will have to manually add the internal root CA and intermediate CA (ClearPass) before trying to enroll the device and complete the onboarding process.
I've encountered the following challenges:
a) It seems as though this doesn't look to be possible?
b) Generating the push cert - doesn't look to be a standard CSR - however I did get it signed by Apple - even though ClearPass throws a warning.
c) Generation of the distribution cert (CSR) works and I have signed it on the MS Root CA using the web server template. When importing the certificate, though, I'm getting the following error message:
- error 20 at 0 depth lookup:unable to get local issuer certificate
Has anyone deployed ClearPass in the same fashion? Is it even possible to achieve using onboard/onguard, using ClearPass as an intermediate CA to provision devices and deploy certificates to them so they can then authenticate to our Dot1x'd BYOD SSID?
I've read through the deployment guide and I've hit a wall so any help would be greatly appreciated.
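
The error text quoted in (c) is OpenSSL's chain-verification output: depth 0 is the certificate being checked, and error 20 means its issuer was not found among the CAs the verifier trusts. The following is an added example, not part of the original post, that reproduces the message with throwaway lab CAs; every name, subject and file in it is constructed and nothing is taken from the poster's environment.

```shell
#!/bin/sh
# Added example: reproduce "error 20 at 0 depth lookup" with constructed lab CAs.
set -eu
work=$(mktemp -d)

# Create a self-signed root CA: make_root <basename> <common name>
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Create a CSR and have the named root sign it, like signing a CSR on an internal CA.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=onboard.example.local" \
        -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$work/leaf.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
        -CAcreateserial -days 1 -out "$work/leaf.pem" 2>/dev/null
}

# Verify the leaf with only the named root supplied as trust anchor.
# Prints openssl's own output; a failed verification does not abort the script.
verify_leaf() {
    openssl verify -CAfile "$work/$1.pem" "$work/leaf.pem" 2>&1 || true
}

make_root issuing "Lab Issuing Root"      # the CA that signs the leaf
make_root other   "Lab Unrelated Root"    # a CA that did not sign the leaf
issue_leaf issuing

# The issuer field names the CA certificate the verifier must be able to find.
openssl x509 -in "$work/leaf.pem" -noout -subject -issuer

echo "--- verifier does not have the issuing CA:"
verify_leaf other
echo "--- verifier has the issuing CA:"
verify_leaf issuing
```

Comparing the `-issuer` line of the signed certificate with the subjects of the CA certificates present in the importing system's trust list is the equivalent check outside the lab.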