I am trying to find a way to authenticate mobile devices using MAB and EAP-TLS (certs) only. These devices will connect to an Aruba SSID and will be staged under an Airwatch MDM. Currently our Airwatch MDM is ONLY used for staging. Airwatch will be pushing the Windows CA Cert to the mobile devices.
What is the best way to have the mobile devices use the Windows CA cert to authenticate with CPPM? Do I set up a service within CPPM that uses "EAP-TLS with OCSP Enabled"? Do I use the "Certificate Comparison" and use the OCSP URL to the Windows ADCS server? Do I import the Windows root CA into CPPM's trusted lists?
I do know how to use MAB, but my main issue is the certificate authentication piece.