What if the plan is to create a completely segregated SSID where most of the users trust the certifcate?
What we're trying to do in our scenario is to use WPA2/AES with RADIUS and have domain users connect with non-domain devices, but I don't want them to have to click Accept when the certificate warning pops up. I know not all devices will trust it, but if I can at least get the major ones like Windows and Mac that would be good.
Right now we're using a Windows 2008 R2 domain member server, running NPS & IIS. We generated a CSR using IIS directly on the server , had it signed by Thawte, imported it, had RADIUS push it out to clients, which is working, but is still showing up as 'not verified' by every client I've tried.
Am I missing something? Thanks.