Thanks Brian I’ve spent an entire day back and forth on this.
1) No I did not create a computer name in AD. Is that a requirement for EAP/TLS?
2) Close the port? My port is open aka not authenticating me. I can give the exact details once I speak to the network guy.
3) Servername “blank” I get an error “domain suffix mismatch”. I fix this just by typing in the same name.FQDN of the ISE server and it shuts up.
4) I do not append a .crt or pfx on anything. The details I gave above is exactly what the I have. The system appends .crt to both and installs. 8021x cert shows up as pfx when browsing to it but changes to scep_cert_$TN.crt when reviewing the settings.
I’m not 100% following you in the last paragraph but I think we’re on the same path.