I have set up an NPS RADIUS server. I want to manually do an export of a certificate and import it on the private laptop of an employee, to get rid of the warning about an untrusted connection.
This is what I have done:
- On a server other than my DC, I installed AD CA and gave it the name, for example, “Test CA”.
- Made a copy of the RAS and IAS server template and named it 'Radius template'.
- Then I published the template with ‘certificate template to issue’.
- On my domain controller where NPS is installed, I see that in the ‘trusted root certification authorities’ the certificate “Test CA” is present.
- Still on my DC, in the ‘personal certificate folder’, I created a new certificate based on the template (Radius template), and I see a certificate on my DC with the name ‘dcname.domain.be’. This is issued by ‘Test CA’ and has server authentication and client authentication.
- On my NPS server, in ‘network policies’ I changed the PEAP authentication method to use the created certificate (dcname.domain.be).
- I exported the root certificate “Test CA” and imported it on another, non-domain-joined laptop (in the ‘trusted root certification authorities’ folder). If I try to connect to the WiFi network, I still get a warning that the connection is not trusted. I have the same problem on my smartphone. If I ignore the warning, everything works.
I know you can have a public CA certificate, but my local domain is .local. First I want to solve the above.
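
The export, import and certificate checks described in the post above, as an added PowerShell example that is not part of the original post. It assumes the root CA's subject contains "Test CA" (the example name from the post); the file path and the function names are hypothetical.

```powershell
# Added example, not from the original post.
# 'Test CA' is the example CA name from the post; paths and function names are placeholders.
$CaName = 'Test CA'

function Export-RootCa {                      # run on the NPS server / DC
    param([string]$Path = 'C:\Temp\TestCA.cer')
    $root = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like "*CN=$CaName*" } | Select-Object -First 1
    if (-not $root) { throw "No root certificate matching '$CaName' in LocalMachine\Root" }
    # Exports the public certificate only (DER .cer); the CA private key is not touched.
    Export-Certificate -Cert $root -FilePath $Path -Type CERT | Out-Null
    $root.Thumbprint
}

function Test-NpsServerCert {                 # run on the NPS server / DC
    # For each certificate in the machine Personal store issued by the CA, report whether
    # it carries the Server Authentication EKU and whether a chain to a trusted root builds.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -like "*CN=$CaName*" } |
        ForEach-Object {
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'NoCheck'   # CRL reachability is not tested here
            [pscustomobject]@{
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter
                ServerAuth = $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'
                ChainOk    = $chain.Build($_)
                ChainRoot  = ($chain.ChainElements | Select-Object -Last 1).Certificate.Thumbprint
            }
        }
}

function Import-RootCa {                      # run elevated on the non-domain laptop
    param([string]$Path = 'C:\Temp\TestCA.cer', [string]$ExpectedThumbprint)
    # Check the file's thumbprint before it is added to the trust store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    if ($ExpectedThumbprint -and $cert.Thumbprint -ne $ExpectedThumbprint) {
        throw "Thumbprint $($cert.Thumbprint) does not match the exported root"
    }
    (Import-Certificate -FilePath $Path -CertStoreLocation Cert:\LocalMachine\Root).Thumbprint
}
```

`Export-RootCa` returns the root's thumbprint; passing that value to `Import-RootCa -ExpectedThumbprint` on the laptop confirms the file that was copied over is the same certificate before it is trusted.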