@Eatsshootsandleaves said in Setting up a MS 2019 PKI for secure Wifi access - will this break anything in domain??:
Newbie to Certificate Services and while everything in our domain fine I need to refresh our Wifi setup to be more secure and using certs with EAP-TLS seems to be the best way to go.
Introducing a PKI into our domain is there any chance this may break existing functionality - I only want this PKI for Wifi nothing else. Thanks guys
No, you can bring up a PKI such as AD CS without any impact to existing infrastructure.
Once you distribute certificates, and require them for WiFi connection as in your example, only then will it have an obvious impact.
Of course there are many variables at play, but generally speaking, without any major or crazy numbers in any aspect, it won't mess with anything simply by creating a PKI.
Just make sure to use proper planning in every aspect. It's a PITA to revoke, remove, and redistribute certs because you didn't plan for something and need to make a change.