Using P-EAP with MS supplicant on the Client and with no modification to the CTL (CA Trust List), I need to install a Certificate on the ACS that is issued from a Root CA listed in the Client CTL.
Verisign, whom I've contacted, can easily provide a certificate for MS RADIUS/IAS authentication servers, but when I asked for a Cisco ACS server certificate, they replied that "unfortunately VeriSign has not received details from Cisco if the WLAN certificates are applicable"!
I believe that the kind of certificate needed is a Server identification certificate, but should not be based on the IP address (the IP is a private address). Can you provide me any more details or further references on the matter? I would be grateful for any information given!