802.1x TLS with OD & Mountain Lion (SCEP?)

Hi All,

We've currently got a 10.8 server setup and running RADIUS, with an existing Open Directory of about 150 users. Airport Extreams and Sonicwalls provide the backbone for our wifi (we're small). For awhile we've been using TTLS, with users authenticating to the RADIUS server as needed (free lancers bring in their own machines), but we're going to be adding a bunch of Mac Pros that will serve as edit bays, think computer lab, and we'd like these to be always connected via system profiles.

Unfortunately I've never worked with SCEP or TLS certicate relationships, and I was wondering if someone could point me to a good starting point. From the research I've done, I believe I can setup SCEP to auto generate an identity for the bay when it connects, but everything I've seen has to deal with MS AD rather then a mac server. I know profile manger offers the ability to configure SCEP for macs, but I'm unsure of the configuration I would need to program, or if even the 10.8 server offers this capability.

As for generating identity certifcates manually, I have no problem going that route, I'm just a little unsure of what credentials I would need to generate for TLS. Can I just run a basic CSR and upload the generated certificate? Would I have to do this for each machine, or can I upload the certificate to a device group profile and populate all the machines that way?

Thanks for the help!