Configure the Calling Router for Certificate-based EAP

Published: April 30, 2010

Updated: April 30, 2010

Applies To: Windows Server 2008, Windows Server 2008 R2

To configure the calling router for certificate-based EAP

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

  1. Open the Routing and Remote Access MMC snap-in.

  2. In the console tree, expand the name of the calling router, and then click Network Interfaces.

  3. In the details pane, right-click the appropriate demand-dial interface, and then click Properties.

  4. On the Security tab, click Advanced (custom settings), and then click Settings.

  5. Under Logon security, click Use Extensible Authentication Protocol (EAP), click Smart card or other certificate (TLS) (encryption enabled), and then click Properties.

  6. In the Smart Card or Other Certificate (TLS) Properties dialog box, click Use a certificate on this computer.

  7. To enable validation of the server certificate, select the Validate server certificate check box, select the Connect to these servers check box, and then type the DNS domain name of the answering router preceded by a period.

  8. In Trusted Root Certification Authorities, click the root certification authority of the answering router, and then click OK.

  9. Click OK to save changes to the security configuration, and then click OK again to save changes to the demand-dial interface.

  10. In the details pane, right-click the demand-dial interface, and then click Set credentials.

  11. In User name on certificate, click the user certificate for this demand-dial connection, and then click OK.


If the root certification authority for the answering router does not appear, the root certification authority certificate for the answering router may be in the personal store rather than trusted root certification authorities store.