SOLVED: Where to Assign a Certificate on a Network Policy Server (RADIUS)

If you have a Windows Network Policy Server aka RADIUS, you have to deal with certificates from time to time. When a certificate expires on your NPS server it can be a real problem to locate where NPS hides the certificate settings.

1. Obtain or Create a Certificate:
   Ensure you have a valid certificate that includes Server Authentication. This can be obtained from a trusted Certificate Authority (CA) or generated internally using a Windows CA
2. Install the Certificate:
   The certificate should be installed in the NPS servers local computer’s PERSONAL STORE
3. Launch the Network Policy Server (NPS) Console:
   Click START and type NPS, the click on NPS console
4. Configure the Certificate:
   In the NPS console, expand POLICIES > NETWORK POLICIES
   Select the relevant policy for your VPN or wireless connections (create a new policy if one doesn’t exist)
   Click the CONSTRAINTS tab
   Click AUTHENTICATION METHODS
   Ensure Microsoft: Protected EAP (PEAP) or Smart Card or other certificate is selected
   Click the EDIT button
   In the PEAP Properties or EAP Properties window, click on the Certificate issued dropdown
   Select the correct certificate from the list. If the certificate is not listed, ensure it has been correctly installed in the personal store and has the proper EKU (Enhanced Key Usage)
5. Apply and Confirm Settings:
   After selecting the certificate, click OK to apply the settings. Confirm that the NPS server is now using the correct certificate for authentication