Custom certificate for RADIUS server (Windows Server 2019 hosted in Azure)

oliver 1 Reputation point
2021-07-28T00:51:14.223+00:00

Hi,

I currently have a Windows Server 2019 hosted in Azure which has the RADIUS role installed.

I was wondering how I can change the certificate which is being used for authentication.

It's currently using Windows Azure CRP Certificate Generator; however, when I upload our certificate and change it from the Network Policies, clients are unable to authenticate to the Wireless Network.


Thanks,
Oli

Windows Server Infrastructure

1 answer

  1. Candy Luo 12,701 Reputation points Microsoft Vendor
    2021-07-28T07:32:14.547+00:00

    Hi,

    Our forum mainly focuses on RADIUS authentication issues; please understand that we are not familiar with Windows Azure CRP Certificate Generator and have no Azure environment to do the test. For the Azure part, you can add the related Azure tag.

    It's currently using Windows Azure CRP Certificate Generator, however when I upload our certificate and change it from the Network Policies clients are unable to authenticate to the Wireless Network.

    Could you please provide more details? Did you mean that you uploaded the certificate to Windows Azure CRP Certificate Generator and then authentication failed, or that you changed Windows Azure CRP Certificate Generator to a custom certificate and then authentication failed?

    How did you generate the custom certificate? By ADCS or a third-party CA?

    If you deploy a certificate-based authentication method, such as EAP-TLS, PEAP-TLS and PEAP-MSCHAP-v2, you must enroll a server certificate to all of your NPSs. The server certificate must be issued by a certification authority (CA) that is trusted by client computers.


    For your reference:

    Manage Certificates Used with NPS

    So your client machine must trust your Root CA. You can also enable the CAPI2 event log; it is useful for troubleshooting certificate-related issues. By default, this log isn't enabled. To enable this log, expand Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2, select and hold (or right-click) Operational, and then select Enable Log. Then reproduce the issue again to generate the related event log.

    The following article talks about how to troubleshoot 802.1X authentication issues; you could have a look:

    Advanced troubleshooting 802.1X authentication

    Best Regards,
    Candy

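The checks described in the answer above, as an added PowerShell example that is not part of the original thread: it enables the CAPI2 operational log and reports, for each certificate in the NPS server's computer Personal store, whether it chains to a root trusted by the machine it runs on. `Test-NpsServerCertificate` is a hypothetical helper name, and the Server Authentication EKU and private-key checks are additions here, not statements from the thread.

```powershell
# Added example; Test-NpsServerCertificate is a hypothetical helper name.
# Run in an elevated PowerShell session on the NPS server.

# Enable the CAPI2 operational log (the same log the Event Viewer steps enable).
wevtutil sl Microsoft-Windows-CAPI2/Operational /e:true

function Test-NpsServerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    # Collect the EKU OIDs carried by the certificate, if any.
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain against this machine's trust stores, with revocation checking.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($Cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey   # must be True on the NPS server
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        HasServerAuth = ($ekuOids -contains $serverAuthOid)
        ChainTrusted  = $chainOk
        ChainProblems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join '; '
    }
}

# Report on every certificate in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-NpsServerCertificate -Cert $_ } | Format-List

# After reproducing the failed wireless logon, list recent CAPI2 errors (Level 2).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CAPI2/Operational'; Level = 2 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName | Format-Table -AutoSize
```

Running the same function on a wireless client against the exported public certificate shows whether that client trusts the issuing root; `HasPrivateKey` is expected to be `False` there.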
