How do I import a user certificate from a trusted intermediate certificate authority

  • Question

  • Hi,

    I have successfully imported a third party intermediate certificate authority and I am able to authenticate with PEAP. How can I import a user certificate from that authority so that Windows will authenticate users with it using TLS? I have NPS set up and can authenticate users via TLS in the AD domain, but I need to authenticate using this external user certificate.

    Thank you in advance!

    Wednesday, May 30, 2012 3:24 AM

Answers

  • Hi,

    You need to ensure the third-party root CA is stored in the NTAuthCertificates container, and issue the user certificates from the third-party CA so that they match the requirements for EAP-TLS.

    For user certificates, the Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN).

    For more information, please check the following Microsoft article.

    Certificate Requirements for PEAP and EAP

    http://technet.microsoft.com/en-us/library/cc731363.aspx

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    Thursday, May 31, 2012 3:34 AM
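
A check for the two points in the answer above, as an added example that is not part of the original thread: it reads a candidate user certificate, reports the UPN in its SubjectAltName, and reports which CA certificates in its chain are present in the machine's NTAuth store. Assumptions: `$CertPath` is a hypothetical file name, the registry key is the local cache of the enterprise NTAuth store, the SAN text match relies on English-locale formatting, and the Client Authentication EKU check is added from general EAP-TLS practice rather than from this thread.

```powershell
# Added example, not from the thread. Run on the NPS server.
# $CertPath is a hypothetical path to the third-party user certificate under test.
param([string]$CertPath = '.\user.cer')

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension
# Local cache of the enterprise NTAuth store (one subkey per certificate thumbprint).
$ntAuthKey = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'

$fullPath = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# 1. UPN in SubjectAltName. Windows formats the otherName entry as
#    "Principal Name=user@domain" (assumes an English-locale system).
$san     = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
$sanText = if ($san) { $san.Format($true) } else { '' }
$upn     = if ($sanText -match 'Principal Name=(\S+)') { $Matches[1] } else { $null }

# 2. Client Authentication in the Enhanced Key Usage extension.
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$hasClientAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })

# 3. Build the chain, then test every CA certificate in it against NTAuth.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)
$caStatus = $chain.ChainElements | Select-Object -Skip 1 | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Certificate.Subject
        Thumbprint = $_.Certificate.Thumbprint
        InNTAuth   = Test-Path (Join-Path $ntAuthKey $_.Certificate.Thumbprint)
    }
}

[pscustomobject]@{
    Subject       = $cert.Subject
    UPN           = $upn
    ClientAuthEKU = $hasClientAuth
    ChainBuilds   = $chainOk
} | Format-List
$caStatus | Format-Table -AutoSize

# A CA certificate that is missing from NTAuth can be published to Active Directory with:
#   certutil -dspublish -f <ca-certificate-file> NTAuthCA
```

An empty `UPN` value or `InNTAuth = False` on every CA row points at the two conditions the answer describes.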

All replies

  • Thank you for the help! I will read the article and see if I can fix the problem.
    Monday, June 4, 2012 2:21 AM