labdunn
asked on
Wireless and Windows NPS for non-domain clients
I have a Windows 2008 R2 server set up as a RADIUS/NPS for wireless clients. It works fine for Windows 7 and Windows 8 machines that are members of the domain. When a non-domain client tries to associate with the wireless they are challenged for the username & password but are not able to connect. The system log has an Schannel entry with event ID 36887. The body of the message says "The TLS protocol defined fatal alert code is 48." EventID.net says code 48 is a "TLS1_Alert_Unknown_CA". This makes sense. I'm using a Windows certificate for the NPS server. A non-domain member would have an issue with the CA for a self-issued certificate.
My questions are can I use a 3rd party cert for the NPS server and what are the steps for initiating the certificate request and installing this certificate?
Tx
Bill
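Added example, not part of the original post: a PowerShell script that tallies Schannel event 36887 entries by TLS alert code, so an unknown_ca (48) failure like the one described above stands out from other handshake errors. The function names and the sample messages are constructed for illustration; the alert names are the ones defined in RFC 5246.

```powershell
# TLS alert descriptions from RFC 5246 section 7.2 (subset that matters for
# certificate and handshake troubleshooting).
$AlertNames = @{
    40 = 'handshake_failure'
    42 = 'bad_certificate'
    43 = 'unsupported_certificate'
    44 = 'certificate_revoked'
    45 = 'certificate_expired'
    46 = 'certificate_unknown'
    48 = 'unknown_ca'
    70 = 'protocol_version'
}

# Hypothetical helper: pull the numeric alert code out of an event message.
function Get-TlsAlertCode {
    param([Parameter(Mandatory = $true)][string]$Message)
    # Matches the wording quoted in the post: "... fatal alert code is 48."
    if ($Message -match 'fatal alert code is (\d+)') { return [int]$Matches[1] }
    return $null
}

# Hypothetical helper: count events per alert code and attach the RFC name.
function Get-SchannelAlertSummary {
    param([string[]]$Messages)
    $Messages |
        ForEach-Object { Get-TlsAlertCode -Message $_ } |
        Where-Object { $null -ne $_ } |
        Group-Object |
        Sort-Object Count -Descending |
        ForEach-Object {
            $code = [int]$_.Name
            $name = if ($AlertNames.ContainsKey($code)) { $AlertNames[$code] } else { 'other' }
            New-Object PSObject -Property @{ Code = $code; Alert = $name; Count = $_.Count }
        }
}

# Constructed sample messages (not real log data), using the wording from the post.
$sample = @(
    'The TLS protocol defined fatal alert code is 48.',
    'The TLS protocol defined fatal alert code is 48.',
    'The TLS protocol defined fatal alert code is 45.'
)
Get-SchannelAlertSummary -Messages $sample | Format-Table Code, Alert, Count -AutoSize

# On the NPS server, feed in the real events instead of the sample:
# $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36887 }
# Get-SchannelAlertSummary -Messages ($events | ForEach-Object { $_.Message })
```

A count dominated by code 48 points at clients that do not trust the issuing CA, while 45 or 44 would point at the server certificate itself.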
Yup - I also use GoDaddy :)
Well - you could also bypass this by unchecking the "validate server identity" on non-domain clients.
What non-domain clients do you have?
And is your domain a .local domain, or a public routable one, like .com or similar?
From 2017, public CAs won't issue certificates to "local" domain names.
ASKER
Got a GoDaddy cert and non-domain clients are now able to connect.
Thanks
Are those clients dynamic? Is installing the self-signed certificate on every device not an option?
I'm using an SSL wildcard certificate from GoDaddy
http://www.godaddy.com/ssl/ssl-certificates-new2.aspx
Works fine, expensive though.