Hi all,
I have an non elegant solution in mind for this issue on BYOD Android devices running version 11 and unable to select the "do not validate certificate". I understand this improvement on the version adds more security to the enduser connection but implementing a solution that can be easily managed by a non technical enduser does not look that simple.
We have our own PKI signed cert for EAP on ISE 2.7 and changing it to a public CA one (like entrust) is not an option for BYOD because open the door to another private SSID/Subnet using EAP-TLS.
Wondering if there is anything like Onboarding on ISE that we could use to overcome this issue on BYOD devices. I am still exploring options.
thanks in advance.