802.1X Authentication Workflow: Requires the root CA certificate of the issuing authority for the
supplicants’ certificates. This ensures that the server can validate the client certificate during the
EAP-TLS handshake.
Trusted CA Usage: In ClearPass, certificates with "Trusted CA" usage are used for validating client and
server identities during secure authentication exchanges.
Option A: Incorrect. The "ClearPass Server certificate" is used for server-side identity verification and
is not used to validate client certificates.
Option B: Incorrect. Database usage is unrelated to RADIUS/EAP or certificate validation.
Option C: Incorrect. While LDAP/AD integration supports certificate validation, this is not the primary
purpose of Trusted CAs for 802.1X.
Option D: Correct. Trusted CAs for EAP are required to validate client certificates during the
authentication process.
By uploading the root CA as a "Trusted CA with EAP usage," the CPPM can properly authenticate the
certificates presented by the supplicants during EAP-TLS negotiations.
