Today we'are authenticating clients with EAP/TLS. The RADIUS certificate is SHA1. This certificate will expire soon. Since SHA1 is not recommended anymore we're going to enroll SHA256 from a new internal CA (not the same CA that SHA1 is generated from).
To make this as smooth as possible, it would be nice if we in addition could install the SHA256 RADIUS certificate on the ClearPass. After all clients using the new certificate the SHA1 can be deleted.
Is this possible ?
If not, is there another smooth solution ?
ClearPass version 6.5.7.85381
There are currently two servers in a cluster.
All clients are running Win 7 or Win 10.
Using GPO to enroll clients certificate and wireless setup.
//Vollelv