Posted on 08-21-2020 02:16 PM
We have an existing WPA2 Enterprise EAP-TLS wireless profile configured to use a root CA that issues workstation certificates. That works with no issues: the config profile installs, sets the network payload and the AD certificate payload, and machines with this config profile installed are able to connect with no problems.
Where we are struggling and needing some assistance is:
We are trying to implement a new root CA with an intermediate CA, two PKI issuing cert servers, and a new workstation cert in the chain. We are unable to get this working: it installs all the certs and even pulls a valid workstation certificate from one of the PKI servers, but the Mac is unable to connect to the wireless SSID using these new certs. Our Windows workstations can connect with no issue.
Checking the system log for the eapolclient process (see: https://documentation.meraki.com/MR/Encryption_and_Authentication/Advanced_RADIUS_and_WPA2_Debugging_using_macOS), we are seeing the following errors:
"Trust evaluate failure: [leaf MissingIntermediate]"
"server certificate not trusted status 6 0"
Is there anyone with a similar setup who has been successful? Most of the discussions I have found are centered on user-based certificate authentication rather than workstation certificates.