We're currently using NPS with EAP-PEAP and would like to switch to Clearpass. However all the Windows clients seem to be configured to check server certificates, but no CAs are selected. Can NPS somehow not send the server certificate as the wireless network works currently?
Clearpass sends the certificate and when I tried with test SSID the clients complaint that the certificate is trusted but not on the trusted CA list for the WLAN. Clients can connect once they click Connect.
We're planning to do switchover during maintenance window and I'm not sure all the clients would get new GPO settings instantly if we tried seding new settings with CA added as trusted one. Any idea how to do the migration without causing problems for the users?