Reason that there is no automatic trust, is that unlike with web-sites where there is in DNS an official registration of the domain name, such a registration does not exist for WiFi networks SSIDs. Anyone can pick any SSID, so there is no way to tie that properly to a certificate.
So no, there are no (public, private) certificates that allow users to connect without certificate warnings/proper client configuration.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 19, 2022 04:06 AM
From: Cedric De Witte
Subject: Clearpass authentication EAP-PEAP - Public certificates possible?
Hi all,
I have a customer with Aruba Clearpass where they use EAP-PEAP as authentication method to the guest wireless for their BYOD users. To be more specific, patients in a hospital. Solution for authentication is Clearpass Guest.
Is there any best practice for the certificate? On iOS you can trust this easily when connecting, however Android 11 now removed the option to not verify the server certificate which appears as self-signed, however this is a public one from SSL Certificate provider.
Isn't there any option for such case to work with public certificates so that this appears as trusted and everyone can connect seamless?
It's a shame that this can only work smoothly for managed devices on which you can push the certificate. Alternative I can think of is to work with a 'provisioning' page where users have to load certificate first? I'd rather avoid onboard.
Thanks for your advice!