Monday, April 1, 2013

Creating a Self Signed Certificate for NPS for testing

Recently I had need to create a test RADIUS server, using NPS (Network Policy Server).  In order to create PEAP policies, you need a certificate issued to the NPS server.

The correct way to put a certificate on the server is to Issue a real certificate to the NPS server from a real register such as Verisign, or Entrust.

You can also issue a certificate from your own CA authority.

Neither of these options are quick or easy.

What if you just need a certificate to see if something works.

Here's how to do that.

First download from Microsoft the IIS 6.0 Resource kit tools. Included in this tool kit is SelfSSL.  A tool created by Microsoft to issue and install a self-signed SSL certificate.

Launch SelfSSL from Start >Programs > IIS Resources > SelfSSL > SelfSSL (Note: You must run SelfSSL elevated as an Administrator)


Type in the following command to generate a new certificate of key length 1024 with a validity period of 10 years (3652 days):
selfssl.exe /N:CN=fqdn.of.radius.server /K:1024 /V:3652


You'll be prompted to overwrite the settings for site 1, answer with yes.   The certificate will now be in the local computer certificate store.

That's it.  It's installed in the right place, and it's enabled.

Of course, your end devices will not trust the certificate, so you will need to export the certificate, and load it onto devices as a trusted CA.

0 comments:

Post a Comment