As a long term solution, you should consider using an external RADIUS server with an internal/private or third party SSL certificate for your 802.1X authentication.
To resolve your issue now, you can replace the default IAP certificate with a third party SSL certificate
You can use OpenSSL on either Windows or a MacBook to generate the CSR and the private key:
https://knowledge.digicert.com/solution/SO27347.htmlWhen you run the commands it will go through a wizard :
Here’s an example for the IAP CSR
openssl req -nodes -newkey rsa:2048 -keyout Controller-key.key -out Controller-csr.csr
Once you go through the wizard , two files will be generated (Controller-key.key and Controller-csr.csr)
Then create a .pem file:
Creating a .pem with the Private Key and Entire Trust Chain
1. Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
1. Purchase and generate the certificate
2. The Private Key – Controller-key.key
3. The Primary Certificate – securelogin..crt
4. The Intermediate Certificate - IntermediateCA.crt
5. The Root Certificate - TrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: Controller-key.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: securelogin..crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: IntermediateCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Save the combined file as securelogin.yourdomain.pem. The .pem file is now ready to use and it can be uploaded to the IAP
Thank you
Victor Fabian
Pardon typos sent from Mobile