Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

EAP-TLS clients with multiple certificates

  • 1.  EAP-TLS clients with multiple certificates

    Posted Dec 28, 2015 08:32 PM


    Sorry if this has been answered somewhere, I just couldn’t find it.  It seems like a typical issue with BYOD.

    Our secured WiFi authentication method is EAP-TLS only.  If a user’s BYOD wants to access the secured network, she must be onboarded, accepted, and have the domain certificate chain installed.  A typical onboarding process.

    Problem: the user already onboarded her laptop with her school, therefore another certificate resides in her personal certificate store.  When she connects to my secured network, her laptop only presents her school certificate, thus failing the authentication.


    Question: Can CPPM ignore or skip the unknown certificate(s)? Or at least check all certificates to find the match?


    Regards,




  • 2.  RE: EAP-TLS clients with multiple certificates

    EMPLOYEE
    Posted Dec 28, 2015 08:35 PM
    Unfortunately no. This is a client side issue. ClearPass can only process
    what is presented by the client.


  • 3.  RE: EAP-TLS clients with multiple certificates
    Best Answer

    EMPLOYEE
    Posted Dec 28, 2015 08:40 PM

    It all depends on the client:


    In Windows you have "Use simple certificate selection" which could give the user a list of certificates that they can try, but again, only one can be selected and sent to the radius server.  https://social.technet.microsoft.com/Forums/en-US/5e56306a-d963-44df-9e3e-91b18b11c300/what-is-the-exact-criterion-for-use-simple-certificate-selection-recommended-checkbox-?forum=w7itpronetworking


    On mobile platforms, it is much more restricted: you have to set up a WLAN and a certificate that will be used for that WLAN at the same time.  This all of course depends on the mobile platform.  There is no single solution across all platforms that will deal with this.  Better to onboard with unique username and password to sidestep that issue.



  • 4.  RE: EAP-TLS clients with multiple certificates

    Posted Dec 29, 2015 10:45 AM

    Thank you both Tim and Colin for your responses. I am going to accept Colin's solution for now, at least it works for Windows. We will deal with MacBook at another time.

    All the other devices can use guest as they only need access to the Internet.


    Regards.



  • 5.  RE: EAP-TLS clients with multiple certificates

    Posted Dec 30, 2015 10:00 AM

    Tested and found it works in Windows 8 and 10:


    When you click "Connect using a certificate" it will present a list of personal certificates for you to pick from.