I'm looking to secure our wireless infrastructure and CHAPv2 seems to be what we need but I have a couple of concerns.
Our external domain is company.net, but our internal domain, where the NPS server would sit, is domain.company.local.
We have a lot of mobile devices - some are on the domain, some are not.
I'm happy to use an internal certificate or a third-party certificate, but given the different domain suffixes, is this going to be possible? If I use a certificate with subject name domain clients won't trust it. If I use a subject name of company.net, no clients will trust the NPS server.
How do I get all domain PCs and domain/non-domain mobile devices to trust and connect to the NPS server?