As mentioned, you can use a service certificate for RADIUS in ClearPass. However, you probably shouldn't move to a public certificate for RADIUS. Instead use a provisioning tool like Mobile/Enterprise device management for company managed devices, or ClearPass Onboard for personal managed devices; and use a private CA (not self-signed certs).
Android 11/12 will not trust a public certificate either, unless your users manually find and select the issuing CA which is cumbersome and error-prone.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 29, 2022 03:46 AM
From: Fabio Uguzzoni
Subject: Multiple Radius certificate in Clearpass
Hello Communiy,
I have an issue regarding Android 11 and 12 and the onboarding process. Android it does not trust anymore selfsign/local CA signed certificate. So I should create a Radius certificate on Clearpass signed by a pubblic ca. The problem is that I have already a Radius certificate signed by local CA that allow me to authenticate the pc into the local domain through EAP-TLS.
Do you know if there is a way to let both the radius certificate (the one signed by local CA and the one signed by public CA)?
Kind Regards
FU