Customer already has a wildcard cert issued by a Public CA. They want to have a public Guest login page using the publically signed cert, and for internal BYOD/Onboarding/Domain users they want to use a different cert. This is due to naming (public domain name is different than the corporate one for this entity).
Is there a way to use one HTTPS cert for the MGMT port traffic, and another for the DATA port traffic? Expecting the answer is "no," what would the suggestions be for this- SAN with entries for the different FQDNs for the two networks that ClearPass would resolve on?