As always, thanks Joseph for your educative and helpful posts.
I am quite new to the concepts of certificates. Below is the defination from Microsoft.
On a computer that has the Windows operating system installed, the operating system stores a certificate locally on the computer in a storage location called the certificate store. A certificate store often has numerous certificates, possibly issued from a number of different certification authorities (CAs).
Each of the system certificate stores has the following types:
- Local machine certificate store
This type of certificate store is local to the computer and is global to all users on the computer. This certificate store is located in the registry under the HKEY_LOCAL_MACHINE root. - Current user certificate store
This type of certificate store is local to a user account on the computer. This certificate store is located in the registry under the HKEY_CURRENT_USER root.
So for my client to successfully authenticate, the WLC should have a certificate that is already existing in the client's certificate store?
Below are amongst the licenses that I saw on my window's client certificate store(Comodo ,IdenTrust ,Symantec , Verisign, Microsoft, GoDaddy ,GlobalSign ,DigiCert ,Certum ,Entrust ,Secom ,Actalis ....), will installing certificate from any of these listed CA's on controller help in clients validating the server certificate?
Will installing the certificate on controller comes with a cost?
Certificates seen on Windows 10 client