SOLVED: Where to Assign a Certificate on a Network Policy Server (RADIUS)
If you have a Windows Network Policy Server aka RADIUS, you have to deal with certificates from time to time. When a certificate expires on your NPS server it can be a real problem to locate where NPS hides the certificate settings.
Obtain or Create a Certificate: Ensure you have a valid certificate that includes Server Authentication. This can be obtained from a trusted Certificate Authority (CA) or generated internally using a Windows CA
Install the Certificate: The certificate should be installed in the NPS servers local computer’s PERSONAL STORE
Launch the Network Policy Server (NPS) Console: Click START and type NPS, the click on NPS console
Configure the Certificate: In the NPS console, expand POLICIES > NETWORK POLICIES Select the relevant policy for your VPN or wireless connections (create a new policy if one doesn’t exist) Click the CONSTRAINTS tab Click AUTHENTICATION METHODS Ensure Microsoft: Protected EAP (PEAP) or Smart Card or other certificate is selected Click the EDIT button In the PEAP Properties or EAP Properties window, click on the Certificate issued dropdown Select the correct certificate from the list. If the certificate is not listed, ensure it has been correctly installed in the personal store and has the proper EKU (Enhanced Key Usage)
Apply and Confirm Settings: After selecting the certificate, click OK to apply the settings. Confirm that the NPS server is now using the correct certificate for authentication