Channel: Network Access Protection forum

EAP-PEAP Authentication via Radius and Revoking access


Hi, 

When users use their iPhones to connect to our Wi-Fi they authenticate to our RADIUS server using their AD username and password. They then get prompted to install a certificate. This appears to be the same certificate on all devices. This is the certificate that is selected in the Authentication Methods on the NPS server; we are using EAP-PEAP.

The thing I can't quite get my head around is how to revoke access to the network once this certificate has been issued... I have authenticated as a user on an iPhone, then disabled the user's AD account, but am still able to gain access to the corporate Wi-Fi. This seems correct as the same certificate is being issued to all users and that certificate is still valid.

How could I revoke the user's access once they have left?

Also, I would prefer for every user to install their own certificate. I have an offline Root CA and an online Sub CA that can issue certificates. I want to know if it is possible for each user to install their own certificate when they authenticate to the RADIUS server, making it easier to just revoke their individual certificate.

Any help would be much appreciated as I can't seem to google the correct thing. 

