In reference to setting up a Certificate Authentication Profile ...
I see that "basic certificate checking" does not require an identity source. I'm wanting to ensure I know what "basic certificate checking" means. My assumption is the all that is checked is:
1) Was the cert issued by a Trusted CA?
2) Has the cert expired? Has a valid/current date
3) Has the cert been revoked?
My take on this is if I have machine certs issued by some Root CA (not my AD) then I could use the basic checking to verify that the cert was issued by the appropriate CA (I've installed the Trusted Root Cert on my ISE) and was therefore a trusted device for EAP-FAST/EAP-TLS machine authentication purposes.
Is this correct? Thanks