Folks - I am somewhat confused about how certificates can work with Wireless. We have WCS with 2 WiSM controllers with about 80 APs in the field. We have the SSID to the network "hidden", and also have enabled WPA2/AES. We still use WPA/TKIP for some of the older equipment we need to support.
I am trying to determine the method for setting up a certificate requirement to connect to the corporate wireless network. I know that there are options in the (Windows) clients that allow us to "Validate server certificate", but that can be disabled (unchecked).
Without having to create a personal certificate for every user, is there a way to prevent someone from connecting to the wireless network without having our certificate already installed on their computer - even if they have valid AD credentials?
Example - one of the group brought in an iPad and was able to connect to the production network w/o having to import/have our primary certificate installed. He was prompted to accept the certificate presented by our SecureACS/TACACS+ server.