Hi, I'm currently using FreeRADIUS and self-signed certificates with openssl on the same server to authenticate clients with EAP-TLS. Most of these clients run MS Windows. The problem I'm facing is how to easily manage deploying the client certificates. The custom Certificate Authority has already been deployed with Active Directory Group Policy. Each time I want a new client to authenticate I need to manually import the client certificate in the Windows host via "mmc". Is there a way to automatically deploy the client certificates (eg. when a Windows client joins an AD)? Should I stop using openssl on the FreeRADIUS server and use MS Certification Authority instead? Will I have compatibility issues if I do that? Can I keep using openssl certs but with a non-interactive way of deploying them? Thanks, Vieri