Using CtW to update Microsoft NPS PEAP certs

There is a published POSH-ACME Deploy script to apply a newly updated LE cert to an NPS instance to update the cert bindings for PEAP. This is needed as otherwise NPS can get it wrong and bind a different cert for use with PEAP, breaking wifi.

Can CtW use such a cert without modification, and if so how?


It can’t be used without modification, no. However, someone with scripting knowledge could adapt the same approach: Scripting | Certify The Web Docs

The Posh-ACME script looks to have around 4 lines of code that are relevant.

Yeah, I’ve put a wrapper around Set-NPSCertificate, passing in the bits of $result I think it needs.

I’ll see how that gets on.

Using a wrapper wasn’t the best idea as Set-NPSCertificate expects its input to be pipelined in from other PA functions, so I just pulled the guts out into a standalone script and it’s working now in staging.

Great! If it seems to work OK feel free to share your script here 🙂