Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

GoDaddy Clearpass RADIUS Cert Not Trusted by Clients

  • 1.  GoDaddy Clearpass RADIUS Cert Not Trusted by Clients

    Posted Aug 14, 2015 04:44 PM

    Hello, thanks in advance. We just bought a "standard SSL cert" for the FQDN of our ClearPass server. So it's clearpass.corp.abccompany.com. I imported the RADIUS cert into ClearPass but it barfed, so I had to first add two GoDaddy (intermediate and root) certs to the "trust list" in ClearPass. Then I was able to import the GoDaddy RADIUS cert into ClearPass. The problem is when a client connects to the 802.1X Wi-Fi they are STILL getting an error like below... this is very frustrating. We got this error before when the ClearPass RADIUS cert was signed by our domain controller, but we hoped that by buying a GoDaddy cert clients would not get this error, but we are no better off... any help would be appreciated, thanks. I know you can push trusted certs with Group Policy, but we will potentially have devices connecting that we cannot control (guest iPhones, Androids, etc.), so I can't push a trusted cert onto the thousands of unknown devices that may connect...

     

    Capture.PNG



  • 2.  RE: GoDaddy Clearpass RADIUS Cert Not Trusted by Clients
    Best Answer

    EMPLOYEE
    Posted Aug 14, 2015 04:47 PM

    This is not an error. There are dozens of posts on this topic. This is a normal part of using EAP-PEAP. The message is asking you to verify that you want to send your credentials to the server.

     

    Every modern client shows a message during the first authentication.

     

    The only way to bypass this message is to either preconfigure the clients manually, via MDM, something like Group Policy / Profile Manager / QuickConnect, or Onboard them.

     

    It has nothing to do with PKI certificate trust.



  • 3.  RE: GoDaddy Clearpass RADIUS Cert Not Trusted by Clients

    EMPLOYEE
    Posted Aug 14, 2015 04:50 PM

    You need to combine the server certificate with the intermediate certificate into a text file. Save that as server.crt. You should then be able to upload that to ClearPass with the private key. Please see the document below. Kudos to my co-worker who put together this slide.

     

    intermediate.png
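
Added example, not part of the original thread or the attached slide: the bundling step from reply 3 done with `openssl`, plus a check that the resulting server.crt starts with the server certificate, matches the private key, and chains to the root. The function names, file names and the throwaway root/intermediate/leaf PKI are constructed for illustration; with a real CA you would use the files it issued instead.

```shell
#!/usr/bin/env bash
# Added example. The PKI below is a throwaway one constructed locally; all names are placeholders.
set -eu

# Leaf first, then intermediate: the order in which a server presents its chain.
build_bundle() {  # build_bundle <leaf.pem> <intermediate.pem> <out>
  cat "$1" "$2" > "$3"
}

# Succeeds only if the bundle's first cert matches the key and chains to the root.
check_bundle() {  # check_bundle <bundle> <key.pem> <root.pem>
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "first cert does not match key"; return 1; }
  # The bundle's certs are offered as untrusted chain candidates; only the root is trusted.
  openssl verify -CAfile "$3" -untrusted "$1" "$1" >/dev/null 2>&1 \
    || { echo "chain does not verify to root"; return 1; }
  echo "bundle ok"
}

# Constructed test PKI: root -> intermediate -> leaf, valid for one day.
make_demo_pki() {  # make_demo_pki <dir>
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=clearpass.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
make_demo_pki "$d"
build_bundle "$d/leaf.pem" "$d/int.pem" "$d/server.crt"
check_bundle "$d/server.crt" "$d/leaf.key" "$d/root.pem"
```

A bundle with the intermediate first fails the key-match check, and a bundle missing the intermediate fails the chain check.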