question

PeachTea-6734 asked LimitlessTechnology-2700 answered

Using NPS under alternative domain

Hi,

We have an Active Directory ending in .local, let's call it contoso.local. We have a self-signed/custom CA within our domain which we use for issuing certificates under contoso.local. Our NPS server currently performs RADIUS authentication for our Wi-Fi clients. For Wi-Fi clients that don't trust our contoso.local self-signed CA (most of them), the clients must ignore the untrusted certificate warning. This is obviously not ideal, and with Android 11 it's no longer possible to ignore/bypass untrusted Wi-Fi certificates.

Because we have a contoso.local domain, we're unable to get a publicly trusted certificate issued to us. We do however have a public domain, contoso.com, for which we have a publicly trusted certificate on our website among other things. Our AD users also have contoso.com as their primary UPN suffix. Is it possible to configure NPS to use contoso.com to prove its identity instead of contoso.local, or do I need to look at using something like FreeRADIUS?

At the moment, it seems the certificate that's used for RADIUS authentication is for dc01.contoso.local. I'm basically asking if I can specify a custom domain/hostname so when clients connect to our Wi-Fi they're getting a certificate for say dc01.contoso.com instead, which is publicly trusted.

Cheers

windows-server

LimitlessTechnology-2700 answered

Hello @PeachTea-6734,

Have you tried manually assigning the certificate in the NPS settings?

NPS Console > Policies > Network Policy. Choose your policy for wireless and then on the "Constraints" tab > Authentication Methods > EAP Types > Edit > Choose the new certificate

Best regards,
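
Before picking a certificate in that dialog, it helps to confirm which certificates on the NPS server are usable for server authentication. The following PowerShell is an added example, not part of the answer above; it assumes a certificate for a name under contoso.com (the public domain from the question) has already been installed in the local computer store.

```powershell
# Added example: list certificates in the local computer store that could
# serve as the NPS server certificate for PEAP/EAP-TLS. Run on the NPS server.
$ExpectedName  = 'contoso.com'          # public DNS suffix from the question (assumption)
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$now           = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert     = $_
    # EnhancedKeyUsageList and DnsNameList are added by the certificate provider.
    $ekuOids  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $dnsNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        DnsNames      = $dnsNames -join ', '
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        # NPS needs the private key to complete the TLS handshake.
        HasPrivateKey = $cert.HasPrivateKey
        # The certificate must be valid for server authentication.
        ServerAuthEku = $ekuOids -contains $ServerAuthOid
        # Expired or not-yet-valid certificates are rejected by clients.
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        # True when a name on the certificate is, or falls under, the expected suffix.
        NameMatches   = [bool]($dnsNames | Where-Object {
                            $_ -eq $ExpectedName -or $_ -like "*.$ExpectedName"
                        })
    }
} | Sort-Object NotAfter -Descending | Format-Table -AutoSize -Wrap
```

A candidate should show `True` in all four check columns; Wi-Fi clients then need to be configured to expect the server name that appears on the chosen certificate.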


LimitlessTechnology-2700 answered

Hello @PeachTea-6734

You can Manage Certificates Used with NPS; the link below will help you out:

https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-certificates

If that is not helpful, you can also try Creating an Offline Certificate Request in Windows Server.
