Ted Hardie [ ] [ ] [ x ] [ ] Since there is no guarantee of uniqueness for SSIDs, it seems like there may be a separate step needed when you have the "every SSID is called CORP" problem. This text, in particular: The Wireless LAN (WLAN) System Service identifiers (SSIDs) public key certificate extension is always non-critical. It contains a list of SSIDs. When more than one certificate includes an extended key usage extension indicating that the certified public key is appropriate for use with the EAP in the LAN environment, the list of SSIDs MAY be used to select the correct certificate for authentication in a particular WLAN. may need to contain text on what to do if more than one certificate contains the same octet string as an SSID. Given that the whole thing is a "MAY" the answer may well be "try them in turn" or something very basic, but a note of the problem and what to do would be useful. thanks, Ted