Windows 2012 NPS - certificate issue

  • 1
  • Question
  • Updated 1 year ago
Experts,

When connecting Apple devices I dont seem to have any problems, I have noticed having problem with Windows machines. I might have certificate issue. We dont have certificate authority server set up, just using certificate local computer certificates. When I want to connect to 802.x using Windows 7 I have this:



Certificate is valid till 2020. 

Thank You
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes

Posted 1 year ago

  • 1
Photo of Hans

Hans

  • 68 Posts
  • 8 Reply Likes
I believe this is a normal message in Windows 7. You just can click connect and the device will proceed with the procedure.
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Thank You Hans,

I forget to mention that I had to install certificate first, other wise I had error. So after just installing certificate on a PC I was able to connect with that warning.

I know it would be simpler just use Aerohive Radius as one of the access points and I have that schedule for summer. Thank You
Photo of Hans

Hans

  • 68 Posts
  • 8 Reply Likes
It is indeed easier when you use an Aerohive AP as RADIUS server, however I don't recommend to use an AP as radius on an high capacity environment (it is 'just' an AP). The Windows 7 client is validating the server certificate , you can disable this setting but you have to do it on every client. 802.1x is most secure offcours if you setup the certificate settings as tight as possible, however it is not an easy task on an BYOD environment, a possible solution is an MDM to take care of the enrollment of different devices.
However, if the environment does not have to support to many users, the Aerohive AP as radius is a great workaround (you still have to configure a certificate).
Photo of MST

MST

  • 152 Posts
  • 3 Reply Likes
Thank You again, we have currently 250 802.X users and 60 access points but doubling that in feature. So I guess NPS would be the main radius and Aerohive radius as backup just in case. 

Regarding certificate: the current certificate was issued by previous person and I wonder If I can issue another one - new one with godaddy; since our domain and ssl is with them.