Hey all, I just want to double check that I am doing something correctly as I set up our new radius servers. We currently use PEAP to auth our wireless. My question is about doing the certificates correctly on the new radius servers. We currently use a Global CA cert in the TLS section but everywhere says not to in the config files. I'm confused as to why for PEAP, as we have to have a CA signed cert for all the user devices to not throw a "could not verify cert" creating the TLS tunnel before EAP. Clients installing a cert is a non-starter....there is no way with the amount of visitors. So is a CA signed TLS cert correct for PEAP auth or am I not understanding something in the documentation? I just want to make sure I do this correctly and do not have some giant gaping security hole. Thanks, Adam Taylor