Help needed with an expired RAS and IAS Server Certificate

Recently my users started to experience problems getting onto our internal wireless network. As I am fairly new, I do not know how it is configured but through the event viewer I saw this - "The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate."

I have opened Certificate Services on the server (my NPS) and noticed that the certificate expired on 17th December.  I figured out how to create a new personal certificate but I am stuck as to what to do now.  Do I drag it into the Trusted Root Certificate Authority?  How do I deploy it?  I have found where I can do this in Group Policy but I cannot see how it was done before, that is to say that in Group Policy, the original certificate is not there.  How do I test this new certificate works and am I supposed to assign a key to it or something?

Any help would be gratefully received.
LVL 4
fuzzyfreakAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
It may be that RAS doesn't use the NPS service for authentication.  If it doesn't you just need to renew the certificate on the NPS server and delete the expired one.

If you do use NPS for RAS authentication you'll need to choose the certificate to use.

In NPS, open Policies then Network Policies then find the policy which uses the certificate.  If you open the relevant policy there will be a drop-down box in either the Condition or Constraint which determines the authentication protocol.  This drop-down box allows you to choose which certificate to use.  Change it to the new certificate and that should be it.

If you're unsure where to go just post a screenshot of your NPS server's Network Policies page and I'll direct you from there.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fuzzyfreakAuthor Commented:
Many thanks for your help, I looked where you instructed me to and found where the certificate was configured but it gave a different date to the expired one and one that showed an expiry of 11th July this year.  I looked for the new one I created and though I think I found it (there were only four to choose from) this too gave me a completely different date.  The new one I created showed an expiry of twelve months time, this one gave me an expiry of 2019 - so I am left rather baffled.  Either way, changing the certificate did not resolve the issue so my boss took control and reconfigured our WAPs to use a pre-shared key, thus bypassing RADIUS/NPS.  To be honest, where we are located, this will suffice I think, so I would say this question is now redundant.

Thanks very much for your comprehensive assistance.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.