I don't think this is possible, so probably more of a feature request, but nevertheless interested in feedback.
Is it possible to use a different radius server cert for different services in CPPM? The user case I'm thinking is that for corp/domain devices the internally signed server cert is presented. For non-domain/byod devices using EAP-PEAP, they would be presented with a publicly signed server cert and hence a seamless experience.
NPS seems to have this capability and would be nice if it was possible in Clearpass as well.