I have both EAP-PEAP and EAP-TLS set up and working.  My RADIUS server cert is
going to expire soon.  I have received a new one from a public CA.  It works
fine for EAP-PEAP clients.  But my existing EAP-TLS clients all fail auth
when I switch to this new RADIUS cert.  I see that my public CA has issued
this new cert using a different root CA than my old one (the one that is
installed/configured on my SecureW2 app in the cloud).  SecureW2 has told me
that users will have to onboard again once I change the cert on ClearPass and
update the cloud app, since the public CA changed the root CA on the cert
chain.  I asked my public CA if they could reissue using the other root CA so
my EAP-TLS clients will still work once I make the change.  They have told me
that it shouldn't need to be reissued with the old root CA (the one TLS clients
currently use) because my new cert's root CA is cross-signed by the old root
CA.  They told me that I should be able to use this new one, but I still can't
seem to get things working correctly.  Has anyone who is using SecureW2 had
issues like this with the root CA changing and clients being forced to
re-onboard?  I'm not really a PKI person, so I'm wondering if there is some way
I could chain these or something.  I'm just looking for a way to update the
RADIUS cert on the servers without forcing all my onboarded clients to go
through that process once I make the change.
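
The cross-signing behaviour the CA describes can be reproduced offline with the openssl command line. This is an added example, not part of the original post: it builds a throwaway PKI (every name and key is constructed, and `openssl` on the PATH is assumed) and checks the renewed server certificate against a client that trusts only the old root, first alone and then with the cross-certificate supplied.

```shell
#!/bin/sh
# Constructed demo PKI: every name, key and certificate here is generated for
# this example and stands in for the real CA hierarchy.
crosssign_demo() (
  d=$(mktemp -d) && cd "$d" || exit 2
  printf '[ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

  # Key + CSR helper: $1 = file prefix, $2 = subject CN
  mkreq() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
      -subj "/CN=$2" >/dev/null 2>&1
  }
  mkreq old "Demo Old Root"
  mkreq new "Demo New Root"
  mkreq srv "radius.example.test"

  # Old root: self-signed, the only anchor the EAP-TLS clients were onboarded with.
  openssl x509 -req -in old.csr -signkey old.key -extfile ca.ext -extensions ca \
    -set_serial 1 -days 30 -out old.pem >/dev/null 2>&1
  # New root, self-signed form: the hierarchy the renewed server cert chains to.
  openssl x509 -req -in new.csr -signkey new.key -extfile ca.ext -extensions ca \
    -set_serial 2 -days 30 -out new.pem >/dev/null 2>&1
  # Cross-certificate: same subject and key as the new root, issued by the old root.
  openssl x509 -req -in new.csr -CA old.pem -CAkey old.key -extfile ca.ext \
    -extensions ca -set_serial 3 -days 30 -out cross.pem >/dev/null 2>&1
  # Renewed RADIUS server certificate, signed with the new root's key.
  openssl x509 -req -in srv.csr -CA new.pem -CAkey new.key \
    -set_serial 4 -days 30 -out srv.pem >/dev/null 2>&1

  # Client view: old.pem is the only trust anchor. Extra arguments are passed
  # through so the second call can add the cross-certificate to the chain.
  check() {
    if openssl verify -CAfile old.pem "$@" srv.pem >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
  }
  result="leaf_only=$(check) with_cross_cert=$(check -untrusted cross.pem)"

  cd / && rm -rf "$d"
  echo "$result"
)

crosssign_demo
```

The `-untrusted` file plays the role of the intermediate certificates a server sends in its TLS handshake: the client does not trust it on its own, but uses it to build a path to the anchor it already has.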