Install a Computer Certificate for PEAP
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
When you configure authentication methods for NAP with 802.1X or VPN enforcement, a computer certificate is required to provide server-side Protected Extensible Authentication Protocol (PEAP) authentication. To provide this authentication, Network Policy Server (NPS) uses a computer certificate that is stored in its local computer certificate store.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Obtain a computer certificate on NPS
In this procedure, Certificate Manager will be used to obtain a computer certificate from Active Directory Certificate Services (AD CS).
To obtain a computer certificate on NPS
Click Start, click Run, in Open, type mmc, and then press ENTER.
On the File menu, click Add/Remove Snap-in.
In the Add or Remove Snap-ins dialog box, click Certificates, click Add, select Computer account, click Next, and then click Finish.
Click OK to close the Add or Remove Snap-ins dialog box.
In the left pane, double-click Certificates, right-click Personal, point to All Tasks, and then click Request New Certificate.
The Certificate Enrollment dialog box opens. Click Next.
Select the Computer check box, and then click Enroll. See the following example.
Verify that Succeeded is displayed to indicate the status of certificate installation, and then click Finish.
Close the Console1 window.
Click No when prompted to save console settings.