
Creating a Self-Signed Certificate for NPS for testing

Recently I needed to create a test RADIUS server using NPS (Network Policy Server). To create PEAP policies, you need a certificate issued to the NPS server.

The correct way to put a certificate on the server is to issue a real certificate to the NPS server from a public certificate authority such as Verisign or Entrust.

You can also issue a certificate from your own CA.

Neither of these options is quick or easy.

What if you just need a certificate to see if something works?

Here's how to do that.

First, download the IIS 6.0 Resource Kit Tools from Microsoft. The kit includes SelfSSL, a Microsoft tool that issues and installs a self-signed SSL certificate.

Launch SelfSSL from Start > Programs > IIS Resources > SelfSSL > SelfSSL. (Note: you must run SelfSSL elevated, as an Administrator.)


Type in the following command to generate a new certificate of key length 1024 with a validity period of 10 years (3652 days):
selfssl.exe /N:CN=fqdn.of.radius.server /K:1024 /V:3652


You'll be prompted to overwrite the settings for site 1; answer yes. The certificate will now be in the local computer certificate store.

That's it. It's installed in the right place, and it's enabled.

Of course, your end devices will not trust the certificate, so you will need to export the certificate, and load it onto devices as a trusted CA.
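
The check and export step can be scripted in PowerShell on the NPS server. This is an added example, not part of the original post: `$Fqdn` must match the name given to /N:CN=, and `$OutFile` is an assumed output path.

```powershell
# Added example: verify the SelfSSL certificate and export its public part.
$Fqdn    = 'fqdn.of.radius.server'            # same name passed to /N:CN=
$OutFile = "$env:TEMP\nps-selfsigned.cer"     # assumed output path

$serverAuthOid = '1.3.6.1.5.5.7.3.1'          # Server Authentication EKU

# SelfSSL installs into the local computer's Personal store.
# If several certificates carry the same name, take the newest one.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $Fqdn } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate named $Fqdn found in LocalMachine\My"
}

# Collect the EKU OIDs from the certificate's extensions.
$ekuOids = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# Summarise the properties that matter for a PEAP server certificate.
New-Object PSObject -Property @{
    Thumbprint    = $cert.Thumbprint
    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
    HasPrivateKey = $cert.HasPrivateKey
    KeySizeBits   = $cert.PublicKey.Key.KeySize
    NotAfter      = $cert.NotAfter
    ServerAuthEku = ($ekuOids -contains $serverAuthOid)
} | Format-List

if (-not $cert.HasPrivateKey) {
    Write-Warning 'No private key on this machine: NPS cannot use this certificate.'
}
if ($ekuOids -notcontains $serverAuthOid) {
    Write-Warning 'Server Authentication purpose is missing from the EKU list.'
}

# Export only the public certificate (DER encoded). The private key stays
# on the server; the .cer file is what gets loaded onto client devices.
$certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
[System.IO.File]::WriteAllBytes($OutFile, $cert.Export($certType))
Write-Output "Public certificate written to $OutFile"
```

Run it from an elevated PowerShell prompt so the private key in the local computer store can be read.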
