I realize that issuing a cert from our Windows 2008 CA and manually importing it on a device circumvents nearly every feature of ClearPass, and probably makes more work for us in the long run, but here's what we think we want to do:
- Issue a machine cert from our Windows CA
- Import that cert onto a wireless device (Windows CE and Windows Embedded devices mostly) which is not a member of the Windows Domain
- Use that cert to authenticate the device to our EAP-TLS SSID
Right now the EAP-TLS is working correctly to authenticate Windows Domain member laptops.
On a deeper look, I see that the cert is being used to encrypt the Windows Domain machine name.
I'd really like to get ClearPass to grant a connection to any device bearing a valid certificate.
How do I (or can I) stop ClearPass from trying to verify user/password or machine-name?
Am I barking up the wrong tree?