WPA2-Enterprise with RADIUS/Microsoft NPS and 3rd Party Certificates
Posted on 2016-11-03
Hi All - I'm hoping you can help out with a frustrating issue I'm having. I have 2 Unifi AC Pros and 2 SSIDs. One that will allow all domain joined machines to join and another for other devices, such as phones and tablets that staff will authenticate using their domain usernames and passwords.
I've set up PEAP using NPS following some guides I found and I've installed a cert from GoDaddy on the NPS server. Everything works and users can authenticate, however, all devices are being prompted with certificate warnings that you have to accept to connect. The message is slightly different depending on the device. Windows 7 states:
The credentials provided by the server could not be validated. We recommend that you terminate the connection and contact your administrator with the information provided in the details. You may still connect but doing so exposes you to security risk by a possible rogue server.
This cert is from a public CA, so I'm guessing I missed a step or configured something incorrectly. The CN on the certificate is wifi.mydomain.com even though the NPS servername is actually nps.mydomain.local. Could that be the issue? I just used IIS on the NPS server to generate the certificate request. What did I miss? I have non-domain joined devices connecting so I don't want to use my own private CA.
I see quite a bit of forums on this topic, but they are all a few years old. I'm hoping someone can guide me in the right direction.