I created a new CA in ClearPass, rather than using an intermediate CA or importing a CA. For a while I was getting warnings in Guest, letting me know that the recommendation was to use a 3rd party certficate that would be trusted by iOS. I clicked the 'how to fix this' button, and it said that provisioning or authentication may fail by using a self-signed CA. Also, I think it said it wouldn't work for a cluster environment, which I have.
I want to understand the requirement/recommendation for using a 3rd party cert for onboarding if there are any.
Is it okay to make ClearPass Root CA in a cluster environment?
Am I losing anything by not importing a Root CA or Intermdiate CA?