Hello,
I have a client who provides wireless access to separate entities in
the same building.
Right now he's using LEAP and ACS database. Now he would like to move
toward EAP-TLS because it's the most secure.
Usually, I install EAP-TLS within an Active Directory and distribute
machine certificates via global policy. Now the problem is that his
laptops are not in an Active Directory domain because they come from
unrelated entities.
My idea was to use a fictional Active Directory just for the database
purpose, and download machine certificates manually via the web. (The
client gets his hands on each laptop to configure LEAP.)
Does anybody have a bright idea to deploy certificates without Active
Directory? I think that no matter what, we need a database and a CA.
Thank you for your suggestions.