Freeradius and deploying client certificates for Windows OS

[Vieri Di Paola]

Hi,

I'm currently using FreeRADIUS and self-signed certificates with
openssl on the same server to authenticate clients with EAP-TLS.
Most of these clients run MS Windows.

The problem I'm facing is how to easily manage deploying the client
certificates.

The custom Certificate Authority has already been deployed with Active
Directory Group Policy.

Each time I want a new client to authenticate I need to manually
import the client certificate in the Windows host via "mmc".

Is there a way to automatically deploy the client certificates (eg.
when a Windows client joins an AD)?

Should I stop using openssl on the FreeRADIUS server and use MS
Certification Authority instead? Will I have compatibility issues if I
do that?

Can I keep using openssl certs but with a non-interactive way of deploying them?

Thanks,

Vieri