Windows – Control which certificate an NPS network policy selects when the certificate is auto-renewed

Tags: nps, ssl-certificate, windows, windows-server-2008-r2

I have multiple NPS network policies using Microsoft PEAP with a self-signed certificate. When our internal CA automatically renews the certificate, all of the network policies switch to another (it appears, random) certificate installed on the NPS server. When this happens wireless clients cannot authenticate, wreaking havoc in our infrastructure.

The certificate template upon which the self-signed certificate is based automatically renews the certificate 6 weeks prior to expiration. To mitigate this issue I've set a reminder for myself to edit the NPS policies and select the renewed certificate. But I'm an IT firefighter, and sometimes fires keep me from routine tasks, even important ones.

Is there a way to tell NPS to use the renewed certificate instead of picking some certificate at random?

Best Answer

It's not possible to control which certificate NPS will select when the certificate configured for use by a Network Policy is automatically renewed. Therefore, the best course of action is to do the following:

  1. Manually renew the self-signed certificate before the certificate is automatically renewed, then
  2. Immediately edit all affected NPS Network Policies to use the renewed certificate.
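The two steps above still depend on the administrator noticing the right moment. The following PowerShell script is an added example (not part of the question or the answer, and not Microsoft tooling) meant to run as a daily scheduled task on the NPS server. It finds the PEAP server certificate in the machine store, warns before the CA's automatic renewal window (6 weeks before expiry, as stated in the question) opens so that step 1 can be done manually first, and flags when a new certificate has appeared so that step 2 is not forgotten. Assumptions: PowerShell 3.0 or later, the certificate lives in Cert:\LocalMachine\My and is identified by its Subject (the value `CN=nps01.corp.example` is a placeholder), and the state-file path is arbitrary.

```powershell
<#
  Added example (not from the original question or answer).
  Daily check for the NPS PEAP server certificate:
    - warns before the CA's automatic renewal window (6 weeks, per the question) opens,
      so the certificate can be renewed manually first;
    - detects that a new certificate has appeared (manual or automatic renewal),
      which is the moment the NPS network policies must be re-pointed.
  Assumptions: PowerShell 3.0+, certificate in Cert:\LocalMachine\My identified by
  Subject; $ExpectedSubject and $StateFile below are placeholders.
#>
param(
    [string]$ExpectedSubject = 'CN=nps01.corp.example',  # placeholder: subject of your NPS certificate
    [string]$StateFile       = "$env:ProgramData\NpsCertWatch\last-thumbprint.txt",
    [int]$AutoRenewDays      = 42,   # template auto-renews 6 weeks before expiry (from the question)
    [int]$WarnDays           = 14    # start warning this many days before that window opens
)

# PEAP requires the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1) on the server certificate.
function Test-ServerAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq '1.3.6.1.5.5.7.3.1') { return $true }
            }
        }
    }
    return $false
}

# Candidate certificates: matching subject, private key present, server-auth EKU, newest first.
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $ExpectedSubject -and $_.HasPrivateKey -and (Test-ServerAuthEku $_) } |
    Sort-Object -Property NotAfter -Descending)

if ($candidates.Count -eq 0) {
    Write-Output "CRITICAL: no server-auth certificate with subject '$ExpectedSubject' and a private key in LocalMachine\My."
    exit 2
}

$current       = $candidates[0]
$now           = Get-Date
$autoRenewDate = $current.NotAfter.AddDays(-$AutoRenewDays)   # when the CA will renew on its own
$actByDate     = $autoRenewDate.AddDays(-$WarnDays)           # when the admin should act

# Compare with the thumbprint recorded on the previous run: a different thumbprint means a
# renewal has produced a new certificate and every PEAP network policy must be re-pointed.
$previous = $null
if (Test-Path -Path $StateFile) { $previous = (Get-Content -Path $StateFile | Select-Object -First 1) }

if ($previous -and ($previous -ne $current.Thumbprint)) {
    Write-Output "ALERT: certificate changed. Previous thumbprint $previous, current $($current.Thumbprint) (expires $($current.NotAfter))."
    Write-Output "       Edit every PEAP network policy in the NPS console and select the certificate with the current thumbprint."
}

New-Item -ItemType Directory -Path (Split-Path -Path $StateFile -Parent) -Force | Out-Null
Set-Content -Path $StateFile -Value $current.Thumbprint

if ($now -ge $autoRenewDate) {
    Write-Output "ALERT: the automatic renewal window opened on $autoRenewDate (certificate expires $($current.NotAfter))."
    Write-Output "       Renew manually now, e.g.: certreq -enroll -machine -q -cert $($current.Thumbprint) renew"
    Write-Output "       then re-point the NPS network policies to the renewed certificate."
    exit 3
}
elseif ($now -ge $actByDate) {
    Write-Output "WARNING: automatic renewal is due on $autoRenewDate; renew manually before then and re-point the policies."
    exit 1
}
else {
    Write-Output "OK: $($current.Thumbprint) valid until $($current.NotAfter); manual renewal due by $actByDate."
    exit 0
}
```

Run it from Task Scheduler once a day and route a non-zero exit code to whatever alerting you already have (email, monitoring agent, event log). Exit 1 means the manual renewal should be scheduled, exit 3 means the CA may already have renewed or is about to, and the "certificate changed" line is the cue to re-point the policies. The renewal hint uses certreq's `-enroll ... -cert <id> renew` verb; confirm the exact syntax with `certreq -?` on your server version, and set `$AutoRenewDays` to match the renewal period configured on your certificate template.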