We are planning to deploy 802.1x wireless RADIUS to our access points and have a couple of questions regarding certificate deployment. We chose to require certificates (TLS) vs passwords (MS-CHAP v2).
Currently we aren't deploying certificates to the domain, but we do have an enterprise Certificate Authority infrastructure in place for this purpose and potential purposes (2008 R2).
The purpose and needs for the certificate template I am seeking to create are just going to be used for client authentication for 802.1x. We will also need to deploy/install certificates for our Mac users and potentially mobile devices.
During testing, I duplicated the default 'user' certificate template in our domain, which seems to be sufficient for our needs, but I fear this template may be opening some security risks in the future, which I would appreciate someone's opinion on. I also noticed that, by default, the private key is exportable. Is this a concern? If so, what?
Any opinions for such a scenario and deployment are appreciated, thank you!