Local Certificate for Server 2012 NPS & WiFi

I’m using the Certify The Web client to obtain an Identity Certificate for use with NPS and Wireless Protected EAP (PEAP) authentication. PEAP needs a certificate for server identity. The client works, gets the cert, and installs it under Local Computer, Personal, Certificates as needed. The certificate can be selected under the PEAP settings in NPS. Everything appears OK.

However, under iPhone, the certificate shows as invalid. My Mac prompts to accept the cert, but shows it as OK. Server time is synced with NTP. I’ve read that I need to create/install fullchain.pem, but I’m not sure where Certify puts the pem files. Anyone have any ideas?

So, by default the certificate you create/acquire in Certify is a pfx which contains the full cert chain and private key. You can use a Deployment Task to export individual cert components (see the Certificate Export deployment task) as alternative formats.

Which PEAP server product are you using?

I see you have logged a support ticket as well. Do you want to continue the conversation here or in the support ticket?

Actually I’m wrong, the PFX will include the leaf cert, intermediates and the private key but it doesn’t bundle the root CA certificate, which I think is what you mean by full chain. I think currently you might need a custom Deployment Task to construct that using OpenSSL; we can add it to the Certificate Export deployment task in a future update though.

I’m not really sure what to do. Certs are so weird. It appears most web browsers handle this, or seem to have a chain installed to find the root, so it only comes up when using the cert in Windows identity. Your client is so awesome, and includes the ability to install the certificate inside the local computer certificates; I think it would be great if this was handled. Could you help me with a script of some kind to manage this?

Here is fine, I can’t be the only one wanting to rid myself of the self-signed cert problem using NPS with wifi.

Ultimately, I’m just trying to fix this, whatever the cause.

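One way to script the full-chain export discussed in this thread, as an added example that is not from any participant or from Certify The Web: it builds the chain for the installed certificate from the Windows certificate stores with .NET's `X509Chain` (instead of OpenSSL), lists each element, and writes leaf, intermediates and root to a single PEM file. The subject name and output path are placeholder assumptions.

```powershell
# Added example, not Certify The Web's own code. $Subject and $OutFile are assumed values.
param(
    [string]$Subject = 'nps.example.com',        # hypothetical CN of the NPS certificate
    [string]$OutFile = 'C:\Temp\fullchain.pem'   # hypothetical output path
)

function ConvertTo-Pem {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Base64-encode the DER bytes and wrap at 64 characters per line
    $b64 = [Convert]::ToBase64String($Cert.RawData)
    $lines = $b64 -split '(.{64})' | Where-Object { $_ }
    "-----BEGIN CERTIFICATE-----`n" + ($lines -join "`n") + "`n-----END CERTIFICATE-----"
}

# Newest matching certificate in Local Computer > Personal that has a private key
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$Subject*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for CN=$Subject" }

# Build the chain the way Windows resolves it from the local stores.
# Revocation checking is skipped so the script also works without outbound access.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$built = $chain.Build($cert)

# Element 0 is the leaf; the last element is the self-signed root if one was found
$elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })
$elements | Format-Table Subject, Issuer, NotAfter -AutoSize | Out-String | Write-Host

if (-not $built) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation)" }
}
$root = $elements[-1]
if ($root.Subject -ne $root.Issuer) {
    Write-Warning "Chain stops at '$($root.Subject)'; no root CA was found in the local stores."
}

# Write leaf, intermediates and root, in that order, as one PEM file
($elements | ForEach-Object { ConvertTo-Pem $_ }) -join "`n" |
    Set-Content -Path $OutFile -Encoding Ascii
Write-Host "Wrote $($elements.Count) certificate(s) to $OutFile"
```

The table it prints shows which issuer each element chains to, and the warnings show whether Windows could resolve the chain up to a root on the server itself.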