radius
2 Topics

Radius certificate question
I have set up an NPS Radius server. I want to manually do an export of a certificate, and import it on a private laptop of an employee to get rid of the warning of an untrusted connection. This is what I have done:

- On another server than my DC I installed AD CA, and gave it the name for example “Test CA”
- Made a copy of the RAS and IAS server template and named it 'Radius template'
- Then I published the template with ‘certificate template to issue’
- On my domain controller where NPS is installed, I see that in the ‘trusted root certification authorities’ the certificate “Test CA” is present.
- Still on my DC, in the ‘personal certificate folder’ I created a new certificate based on the template (Radius template) and I see a certificate on my DC with the name ‘dcname.domain.be’. This is issued by ‘Test CA’ and has server authentication and client authentication.
- On my NPS server, in ‘network policies’ I changed the PEAP authentication method to use the created certificate (dcname.domain.be).
- I exported the Root certificate “Test CA” and imported that on another, non-domain joined laptop (in the ‘trusted root certification authorities’ folder).

If I try to connect to the WiFi network, I still get a warning that the connection is not trusted. On my smartphone the same problem. If I ignore the warning, everything works. I know you can have a public CA certificate, but my local domain is .local. First I want to solve the above.

1.6K Views | 1 like | 0 Comments

NPS fails to generate logs
I have a new 2025 domain and am setting up 802.1X to allow access to users/computers using certificate-based authentication. I have a CA installed on a new 2025 member server and configured that role and also have Group Policies deployed to enroll users/computers with the certificate needed to connect to internal WiFi/wired networks. I've verified clients are receiving all needed certs and the root cert. I have installed NPS (same server has CA), registered to AD, added Radius clients and configured policies.

Everything looks good except...nothing works. Clients are not receiving authentication responses (just timeouts) and there are no logs being generated. Also, there are no relevant entries in the Windows Event Logs. I enabled auditing via the cmd line and verified it is enabled. I've also forced auditing via Group Policy. I've verified the NPS log location and have even tried moving it to other folders to see if it was a permission issue. I'm out of ideas. What else can I try?

7 Views | 0 likes | 0 Comments