Windows 10: Public CA for Microsoft NPS authentication - WPA2-Enterprise with 802.1X authentication...

Dear Community,We are implementing the WPA2-Enterprise with 802.1X authentication Microsoft: Protected EAP PEAP from CISCO Meraki AP and Windows NPS as a RADIUS server, with Active Directory acting as a userbase. However, we are not sure what is the certificate from a Certificate Authority CA that can be use in our NPS so that is trusted by clients on the network.We are using self-signed certificate but is not recommended for production deployment, due to dramatically reduced security. specially Android version 11 and up...Please, kindly give me some advise what is the correct what is the

:)

 

NPS with SSL Certificates failing to authenticate after CA move

For years we have been using Windows NPS with Cisco Switch radius to authenticate Ethernet NIC with Workstations using Certificates issued by WIN Root CA

Recently we moved the Root CA from Win 2012 to Win 2019, the rest of the components didnt change.

I am able to get the new certificates from the CA, but my NIC authentication now fails.

The changes we made is update the Root CA hash to use SHA256 instead of the SHA1

I uploaded the new root cert to GPO which got pushed to all the workstations.

I also updated the GPO for the Wired profile to include the new Root CA.

I can confirm the workstation side gets all the changes, but it still fails to authenticate.

Looks like some other people had issues making NPS work with SHA256
Does NPS support SHA256 certificates?

But this wasnt helpful.

Event logs on the server and client dont show any specific errors that i can search

 

certificate authentication prompt to a Microsoft NPS Server

one of my clients face this:

A couple of our Windows 10 PC's have started to show a prompt to join our secure wireless asking which certificate to present as authentication.

We have secure wireless network set up using WPA2-enterprise using certificate authentication to a Microsoft NPS Server. We have User certificates set up to automatically enroll on domain PCs. Normally the only certificate in the user store is the user's automatically-created
domain certificate, but on one of the affected PC's, I see a certificate issued from MS-ORGANIZATION-ACCESS.

Can you tell me how that certificate got there and how I can prevent Windows 10 from prompting the user for a certificate when joining a wireless network?

 

How to we generate certificates for 802.1x wired authentication in windows NPS?

How to generate the CA, server, and client certificates in the NPS server for 802.1x wired authentication. We need these certificates for our application which supports 802.1x wired authentication. We want our device to get authenticated from NPS Radius, but generating the certificates is not clear.