On May 3, 2021, at 6:30 AM, Vieri Di Paola <vieridipaola@gmail.com> wrote:
The problem I'm facing is how to easily manage deploying the client certificates.
"Magic". :(
The custom Certificate Authority has already been deployed with Active Directory Group Policy.
Each time I want a new client to authenticate I need to manually import the client certificate in the Windows host via "mmc".
Yes.
Is there a way to automatically deploy the client certificates (eg. when a Windows client joins an AD)?
Pay $$$ a month per user for device management software.
Should I stop using openssl on the FreeRADIUS server and use MS Certification Authority instead? Will I have compatibility issues if I do that?
That doesn't really matter. The issue isn't the certificates. The issue is getting them onto the client devices, and configuring them there.
Can I keep using openssl certs but with a non-interactive way of deploying them?
There are MDM solutions available. They're almost always $$$, as this is a non-trivial problem to solve. Alan DeKok.