I was using a self sign certin my ACS 4.2 and then just advised sour students to unckeck "Validate Server Certificate", but some usere wanting to use there phone have a default setting to verify the cert before establishing a connection and so we have decided to install a valid 3rd party certificate to solve this issue and save the help desk folks numerous callls. In the ACS when you generate a cert request you can use the domain name of the ACS in the request. Would it be better to use the IP of the ACS in this process or should I use the Domain name? I want to make sure we provide the correct info when we request a cert.
Use the domain name of the ACS server. Buying in a cert is a far better idea than using self-signed. The cost (which is pretty low anyway) is more than offset by the reduction in support calls!