I have a Windows 2008 R2 server set up as a RADIUS/NPS for wireless clients. It works fine for Windows 7 and Windows 8 machines that are members of the domain. When a non-domain client tries to associate with the wireless, they are challenged for the username & password but are not able to connect. The system log has an Schannel entry with event ID 36887. The body of the message says "The TLS protocol defined fatal alert code is 48." EventID.net says code 48 is a "TLS1_Alert_Unknown_CA". This makes sense. I'm using a Windows certificate for the NPS server. A non-domain member would have an issue with the CA for a self-issued certificate.
My questions are: can I use a 3rd-party cert for the NPS server, and what are the steps for initiating the certificate request and installing this certificate?