3zzzie
Copper Contributor
May 23, 2021

Radius certificate question

I have set up an NPS Radius server. I want to manually export a certificate and import it on an employee's private laptop to get rid of the warning about an untrusted connection.

This is what I have done:

- On a server other than my DC, I installed AD CA and gave it the name, for example, “Test CA”

- Made a copy of the RAS and IAS server template and named it 'Radius template'

- Then I published the template with ‘certificate template to issue’

- On my domain controller where NPS is installed, I see that in the ‘trusted root certification authorities’ the certificate “Test CA” is present.

- Still on my DC, in the ‘personal certificate folder’ I created a new certificate based on the template (Radius template) and I see a certificate on my DC with the name ‘dcname.domain.be’. This is issued by ‘Test CA’ and has server authentication and client authentication.

- On my NPS server, in ‘network policies’ I changed the PEAP authentication method to use the created certificate (dcname.domain.be).

- I exported the Root certificate “Test CA” and imported that on another, non-domain joined laptop (in the ‘trusted root certification authorities’ folder). If I try to connect to the WiFi network, I still get a warning that the connection is not trusted. On my smartphone I have the same problem. If I ignore the warning, everything works.

I know you can have a public CA certificate, but my local domain is .local. First I want to solve the above.
