Certificates issue during RADIUS authentication using NPS server with PEAP MSCHAPv2

Alexandre Rey

5/12/24, 8:48 AM

I am using NPS as a RADIUS server to authenticate some devices using PEAP MSCHAPv2. I have an issue during the server authentication, I am using a chain of trust certificates, with 1 server cert, 1 intermediate cert and 1 CA cert. The problem is that my device doesn't support chain of trust certificates, but only accepts 1 certificate : the server certificate. I've been looking in the documentation but it isn't mentionned how to configure my NPS to send only the server certificate, and not the whole chain of certificates. Resulting in sending error 42 :bad certificate. Do you have any idea or is it even possible to do this ? Thanks

See 2 wireshark capture of the problem :

certs transmission

bad cert error

195

0 + 0

windows

certificate

radius

peap

nps

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Certificates issue during RADIUS authentication using NPS server with PEAP MSCHAPv2

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.