NPS certificate authentication, which CA is allowed?

CS 6 Reputation points
2022-11-03T10:45:51.673+00:00

Hello,

I have set up an NPS server which allows client computers with a certificate signed by our private CA to connect to our wifi.

My question is simple: how does NPS filter "good" and "bad" certificates? For example, if I have a client certificate signed by a public CA, will NPS allow it to connect since the public root CA is in its trusted store?

And how may I configure it to only allow our CA, for example?


4 answers

  1. JimmySalian-2011 42,511 Reputation points
    2022-11-03T10:57:11.427+00:00

    Hi,

    If you have deployed your own CA infrastructure, you can deploy the certificates and policies via Group Policy. Also check out this article, which defines the process and steps to carry out the configuration for this kind of scenario: nps-manage-cert-requirements. If the certificate is not configured in the NPS server, it will be rejected, so external certificates are not used.

    How NPS integrates with the CA Infra - nps-manage-certificates

    Process on deploying Radius/WIFI clients - nps-radius-clients-configure

    Hope this helps.
    JS


  2. CS 6 Reputation points
    2022-11-03T11:02:35.113+00:00

    It's already working.

    At no point did I configure which CA certificates the NPS is supposed to accept.

  3. Limitless Technology 44,766 Reputation points
    2022-11-08T09:36:17.997+00:00

    Hello there,

    In simple words, NPS uses an Active Directory Domain Services (AD DS) domain or the local Security Accounts Manager (SAM) user accounts database to authenticate user credentials for connection attempts.

    NPS allows you to centrally configure and manage network access authentication, authorization, and accounting with the following features explained in this article https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top


  4. CS 6 Reputation points
    2022-11-09T14:53:40.877+00:00

    Don't bother, I found my answer elsewhere since nobody was trying to read what I wrote before answering...

