Categories: Windows Server

SOLVED: Where to Assign a Certificate on a Network Policy Server (RADIUS)

If you have a Windows Network Policy Server aka RADIUS, you have to deal with certificates from time to time. When a certificate expires on your NPS server it can be a real problem to locate where NPS hides the certificate settings.



  1. Obtain or Create a Certificate:
    Ensure you have a valid certificate that includes Server Authentication. This can be obtained from a trusted Certificate Authority (CA) or generated internally using a Windows CA
  2. Install the Certificate:
    The certificate should be installed in the NPS servers local computer’s PERSONAL STORE
  3. Launch the Network Policy Server (NPS) Console:
    Click START and type NPS, the click on NPS console
  4. Configure the Certificate:
    In the NPS console, expand POLICIES > NETWORK POLICIES
    Select the relevant policy for your VPN or wireless connections (create a new policy if one doesn’t exist)
    Click the CONSTRAINTS tab
    Click AUTHENTICATION METHODS
    Ensure Microsoft: Protected EAP (PEAP) or Smart Card or other certificate is selected
    Click the EDIT button
    In the PEAP Properties or EAP Properties window, click on the Certificate issued dropdown
    Select the correct certificate from the list. If the certificate is not listed, ensure it has been correctly installed in the personal store and has the proper EKU (Enhanced Key Usage)
  5. Apply and Confirm Settings:
    After selecting the certificate, click OK to apply the settings. Confirm that the NPS server is now using the correct certificate for authentication

Published by
Ian Matthews

This website uses cookies.