Managing Certificates Used with NPS

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

If you deploy a certificate-based authentication method, such as EAP-TLS, PEAP-TLS, or PEAP-MS-CHAP v2, you must enroll a server certificate to all of your NPS servers. The server certificate must:

The following objectives assist in managing NPS server certificates in deployments where the trusted root CA is a third-party CA, such as Verisign, or is a CA that you have deployed for your public key infrastructure (PKI) by using Active Directory Certificate Services (AD CS) in Windows Server 2008.

The following objectives are part of managing NPS server certificates: