: Turner, Ryan H [mailto:rhtur...@email.unc.edu]
Sent: Wednesday, May 16, 2018 2:56 PM
Subject: Re: Rotating 802.1x RADIUS CA certificate
I definitely echo the comment about private CAs for your RADIUS. Control your
own destiny. If your users are getting onboarded, then private CA chains
should get
Unfortunately, for various reasons, we have had to do this too many times.
Our policy is for the configuration to trust the certificate chain, rather than
the server certificate. That allows you to update the server certificate
without breaking trust.
It you know in advance your new certificat