Hi,
I want to use EAP-TLS as a method of authentication for users/computers to join the Wireless. Devices that will connect to the Wireless are part of the domain.
What certificate is preferred to use for this purpose? Computer o User certificates? I guess that it probably depends on what you want to identify or authenticate, a user or a device, but what option is “generally” recommended?
Is there any difference from the point of view of security? Is a computer certificate more secure than a user certificate o vice versa? I have been told that user certificates are easier to compromise (or steal from a windows machine) than computer certificates even if a user doesn’t have Admin privileges in their machine?
I have also been told that using user certificates could result in some issues to pass some Compliance audits.
I would like to be sure that the design complies with the most recommended and secure alternative.
I would appreciate some help.
Many thanks.