I am having some difficulties with my wireless design. I have implemented PEAP solution with Microsoft radius AD authentication and self signed certificate. Solution was working fine until one of the user bring in their i-phone to work. He has entered his domain username and password and i-phone poped up with message connection requires a certificate and it has downloaded certificate after the message and i-phone was on the the network. Except i-phone all other phone or device require to get certificate either via GP update or manually download and syn to the phone. As this certificates are not published and only available via GP users can not get their phone on the wireless network until i-phone has found the limitations. Can any one please suggest me how can I stop i-phone or i-pad to download this certificate automatically? My main goal is only CEO’s i-pad should be on network no other phone or mobile devices on the network. please help me out.