Thanks Cam,
I spoke with the TAC and was able to deploy the same certificate to both functions by generaitng requests using openssl and this removing the private key from the control of amigopod. a little bit more work but its certainly worth the hassle.
Below is the process outlined by the TAC for anybody trying the same thing.
>>1) Generate a CSR + Private Key
>>Amigopod can not be used for this step because there a no options to
>>export the private key during any CSR creation page. I used openssl
>>from MAC command line to generate the CSR and key. Openssl will ask
>>the usual CSR options (Country, State, Common Name, etc) and will ask
>>for a private key passphrase.
>>
>># openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout
>>privateKey.key
>>
>>2) Get the CSR signed by your choice of CA. For my testing, I signed
>>it by Amigopod's own certificate authority, MDPS.
>>
>>3) Install the certificate for Amigopod Web SSL. Administrator ->
>>Network Setup -> SSL Certificate. Upload the signed certificate, any
>>intermediate certificates given by CA (concatenated into one file),
>>the root certificate, and the private key. Enter the private key
>>passphrase defined in step 1.
>>
>>4) Install the certificate for Amigopod EAP termination. RADIUS ->
>>Authentication -> EAP & 802.1X -> Import Server Certificate. Upload
>>the signed certificate, private key, and root certificate as done in step 3.
>>The only difference is that you will need to concatenate the
>>intermediate
>>certificate(s) and root certificate into one .pem file.