I'm attempting to set up Hotspot 2.0 using RadSec on Meraki. The client I am working with provides the AAA server (Radiator) and has provided the CA certs, client cert, and client key. RadSec authentication is a requirement. The issue I am faced with is that they are opposed to importing each individual Meraki Org's CA root certificate to their RADIUS server.
I am wondering what possible workarounds are available to accomplish this task. Radsecproxy is an option, but is less than ideal for this scenario.
Yes, I opened a case with TAC some time ago and I got the standard answer from the docs. I understand that this is typically not how RadSec is set up. However, I've been able to accomplish this with other vendors. I'm intimately familiar with Meraki wireless (two years installing Meraki solutions for recognized brands at an MSP). I also have a decent understanding of PKIs/cert-based auth, but am by no means an expert. Perhaps I am overlooking something relatively obvious here.
With all that, I'd like to express my appreciation to those of you who took the time to read this post. Thank you!
https://documentation.meraki.com/MR/Encryption_and_Authentication/MR_RADSec