Our CPPM Radius certificate is getting ready to expire so we're working on renewing it. The question that I've run into, though, is that the current certificate is signed by the OnBoard intermediate CA, in turn signed by the AD CA. Is there a particular need for the Radius cert to be signed by the internal intermediate CA, or would it be fine to use a cert signed directly by the AD CA?