Hi!
Is it possible to achieve no warnings on a 802.1X SSID using EAP-PEAP with a publicly signed certificate on the RADIUS server for all devices? Including macbooks, ios, win8.1 etc? I would want this to be without touching the devices at all or pre-populating the server certificate manually.
My experience is that if I use a publicly signed certificate, issued to the hostname of the RADIUS server some devices will accept this without warning the first time but many won´t. For example all apple devices will complain, it will say that the certificate is valid, but that it couldn´t validate it. Of course it´s hard to validate a certificate without being authenticated in the first place.
So how do we solve this? Is there a neat trick that I don´t know about? :)
Have a great weekend all!