Fair enough :smileyhappy:
I was afraid that I had once again missed something obvious!
We have a single service that does all our of user authentication for a specific SSID.
We have two types of a users that hit this service, we have our users who are from the offices that are local and then our users who visit from overseas.
We created two separate certificate authorities within Onboard to make it easier to filter out devices/users.
Currently we have modified the OCSP URL inside the CA so the OCSP check hits the correct CA.
After speaking with Aruba and having it suggested that it is probably a better solution to do the override through the EAP-TLS method we started investigating how this could be done.
The end goal was to eventually simply the services by splitting them apart.
None of this is a necessity.
I am mainly trying to make sure that our configuration is as good as it can be and easy to follow.
Thank you,
Cheers