Share via


Install a Computer Certificate for PEAP

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

When you configure authentication methods for NAP with 802.1X or VPN enforcement, a computer certificate is required to provide server-side Protected Extensible Authentication Protocol (PEAP) authentication. To provide this authentication, Network Policy Server (NPS) uses a computer certificate that is stored in its local computer certificate store.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Obtain a computer certificate on NPS

In this procedure, Certificate Manager will be used to obtain a computer certificate from Active Directory Certificate Services (AD CS).

To obtain a computer certificate on NPS

  1. Click Start, click Run, in Open, type mmc, and then press ENTER.

  2. On the File menu, click Add/Remove Snap-in.

  3. In the Add or Remove Snap-ins dialog box, click Certificates, click Add, select Computer account, click Next, and then click Finish.

  4. Click OK to close the Add or Remove Snap-ins dialog box.

  5. In the left pane, double-click Certificates, right-click Personal, point to All Tasks, and then click Request New Certificate.

  6. The Certificate Enrollment dialog box opens. Click Next.

  7. Select the Computer check box, and then click Enroll. See the following example.

  8. Verify that Succeeded is displayed to indicate the status of certificate installation, and then click Finish.

  9. Close the Console1 window.

  10. Click No when prompted to save console settings.