We are trying to use PEAP/EAP-TLS authentication for the enterprise SSID. It was suggested to me by a CP engineer to use EAP/EAP-TLS and push the cert to the server as well as the client devices. He did not give a specification of the type of cert I need. Can we use a self-signed CA cert in a production environment? We have multiple devices that would connect to the enterprise SSID. We intended to push the cert to domain-joined devices using a group policy. Or should we buy a public root CA? Appreciate the help.
Take a look at the Certificates 101 Tech Note; it's a little dated but still perfectly valid for an EAP-TLS deployment. Generally, if you have control over the devices (such as corporate devices), then an internal CA/PKI is perfectly valid.
The minimum you would need:
In ClearPass, if you use the EAP-TLS authentication method with everything unchecked, the 5 items in place on top should work.