Sunday, 14 October 2018

How to Create an SSL Certificate for Radius Authentication


Configuring SSL Certificate for Radius Authentication


How do I Create an SSL Certificate?

You can buy real certificates for your RADIUS server, but this is costly. There are free alternatives, such as building your own private CA. A private CA functions exactly like a public CA, and its primary advantage is that it is free. The downside is that setting up a private CA to work correctly takes time and skill.

A certificate for a Windows NPS server can be generated using the steps below.

Note: Do not install NPS until you have completed this step!

Installing Certificate Server (ADCS):

Click on Server Manager > Add Roles and Features, then navigate to Active Directory Certificate Services.


Click on Next to continue
You will be presented with an introduction to ADCS. Click on Next to continue.

On Roles select Certification Authority and click on Next to continue.

On the confirmation page, select Install to start the installation process.

Now you will be presented with the installation progress prompt.

After installation, the notification flag will show an alert prompting you to configure ADCS. Click on Configure.

Provide credentials as per the roles described and click on Next to continue.

Select Certification Authority and click Next to continue.

You will be prompted with the screen below, where you can select either Enterprise CA or Standalone CA. In our case, since we are authenticating against Active Directory, select Enterprise CA and click Next to continue.

You can specify if you want this server to be a new Root CA or if you want it to be a Subordinate CA. Select Root CA and click on Next to continue.

Select Create a new private key and click on Next to continue.

Go with the defined cryptography standard and click Next to continue.

The default CA name is fine; it uses the computer name and domain name. Click on Next to continue.

Go with the default validity period of 5 years and click on Next to continue.

Let the certificate logs be stored in the default location.

Click on Next to continue.

Review the configuration on the confirmation page and click on Configure to continue.

Now you will see the roles being configured, and upon completion you will be shown the result below.

You’ve successfully configured Active Directory Certificate Services. Now we’ll install a computer certificate that we can use to authenticate the RADIUS server to the wireless clients.

How to Create a Radius Computer Certificate?

The RADIUS server will have to present a certificate to the wireless users so that they can verify if they are talking to the correct RADIUS server. Let me show you how to check if you have a computer certificate and otherwise how to generate one.

Press Windows + R and type “MMC” (without quotes).

Click File > Add or Remove Snap-in.

Select Certificates from Available snap-ins and click on Add.

Select Computer account and click on Next.

Select Local computer and click on Finish.

Click on Personal > Certificates to see all computer certificates. You should see a certificate whose “Intended Purposes” column lists Client and Server Authentication. If you installed NPS on a different server, you won’t see a computer certificate here and you’ll have to generate one as well.

If there’s no certificate, we’ll create a new one. Right mouse click on the white space and select Request New Certificate.

You will see the following screen, click Next to continue.

Active Directory Enrollment Policy is already set up for you; click Next to continue.

Select Domain Controller, click Enroll, and then click Finish.

Come back to MMC and you’ll now see the “Client and Server Authentication” certificate installed. Make sure you see that it can be used for client and server authentication before you continue.
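The same check can be made from PowerShell instead of the MMC snap-in. This is an added example, not part of the original post: it lists every certificate in the local computer's Personal store and reports whether it carries both purposes, has a private key, is within its validity period and chains to a trusted root. The function names are illustrative; the two OIDs are the standard Server Authentication and Client Authentication EKU values.

```powershell
# Added example: audit Cert:\LocalMachine\My for a certificate NPS can present.
# Standard EKU object identifiers (not values taken from the original post).
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication

function Get-EkuOids {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Pull the Enhanced Key Usage extension, if the certificate has one.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } }
}

function Test-RadiusServerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $oids = @(Get-EkuOids -Cert $Cert)
    $now  = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey
        # A certificate with no EKU extension is reported as False for both.
        ServerAuth    = $oids -contains $ServerAuthOid
        ClientAuth    = $oids -contains $ClientAuthOid
        InValidity    = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -gt $now)
        # Builds the chain with the default policy, which includes revocation.
        ChainTrusted  = $Cert.Verify()
    }
}

$results = Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-RadiusServerCertificate -Cert $_ }
$results | Format-Table -AutoSize

# A usable certificate passes every check above.
$usable = $results | Where-Object {
    $_.HasPrivateKey -and $_.ServerAuth -and $_.ClientAuth -and
    $_.InValidity -and $_.ChainTrusted
}
if (-not $usable) {
    Write-Warning 'No certificate with Client and Server Authentication is ready; request one before configuring NPS.'
}
```

A certificate without a private key, or one that is expired or untrusted, can still show both purposes in the MMC column, so the extra columns are worth reading before moving on to the NPS policy.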

Your server now has a certificate that can be presented to wireless clients when they request the identity of the RADIUS server. Now we can configure a wireless policy using NPS…

To progress further, follow the link below, which gives step-by-step instructions to configure and create NPS policies and RADIUS, and a procedure to validate wireless device connectivity through RADIUS authentication.

Configuring NPS Policy For Wireless Radius Authentication 

Fahim Raza(Author)
