Renewing a certificate in a Windows RADIUS server


Renewing a certificate in a Windows RADIUS server involves several steps. Here’s a step-by-step guide to help you through the process:

1. Generate a New Certificate Request

  1. Open the MMC (Microsoft Management Console):
    • Press Win + R, type mmc, and press Enter.
  2. Add/Remove Snap-ins:
    • Go to File > Add/Remove Snap-in.
    • Select Certificates and click Add.
    • Choose Computer account, then Next, and select Local computer.
    • Click Finish and OK.
  3. Create a New Certificate Request:
    • Navigate to Certificates (Local Computer) > Personal > Certificates.
    • Right-click on Certificates, go to All Tasks, and select Request New Certificate.
    • Follow the wizard to generate a new certificate request. Ensure you select the appropriate certificate template (e.g., RAS and IAS Server).

2. Submit the Certificate Request to a CA (Certificate Authority)

  1. Submit the Request:
    • Save the certificate request file (usually with a .req extension).
    • Open the Certification Authority console (certsrv.msc).
    • Right-click on Pending Requests, select All Tasks, and then Submit new request.
    • Browse to and select your certificate request file.
  2. Approve the Request:
    • Find your request in Pending Requests.
    • Right-click on it and select All Tasks > Issue.

3. Install the New Certificate

  1. Retrieve the Issued Certificate:
    • Open the Certification Authority console again.
    • Go to Issued Certificates, find your certificate, right-click on it, and select All Tasks > Export Binary Data.
    • Save the certificate file (usually with a .cer extension).
  2. Import the New Certificate:
    • Open the MMC with the Certificates snap-in (as before).
    • Navigate to Certificates (Local Computer) > Personal > Certificates.
    • Right-click on Certificates, go to All Tasks, and select Import.
    • Follow the wizard to import the new certificate file.

4. Configure NPS (Network Policy Server) to Use the New Certificate

  1. Open the NPS Console:
    • Press Win + R, type nps.msc, and press Enter.
  2. Update the Certificate:
    • Navigate to NPS (Local) > Policies > Network Policies.
    • Find the relevant policy (e.g., Connections to Microsoft Routing and Remote Access Server), right-click on it, and select Properties.
    • Go to the Constraints tab, select Authentication Methods, and click Edit.
    • Select PEAP or EAP (depending on your setup), and then click Edit.
    • Click OK to close the dialogs, then click Apply and OK to save your settings.

5. Restart Services (if necessary)

  1. Restart NPS Service:
    • Open Services (services.msc).
    • Find the Network Policy Server service, right-click on it, and select Restart.
  2. Restart IAS Service:
    • If you are using Internet Authentication Service (IAS), find the Internet Authentication Service in Services, right-click on it, and select Restart.

By following these steps, you should be able to renew the certificate on your Windows RADIUS server successfully. If you encounter any specific issues, make sure to check the event logs for more detailed error messages that can help in troubleshooting.
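
The following PowerShell check is an added example, not part of the original guide. Run it in an elevated prompt on the NPS server after importing the certificate and before selecting it in the PEAP/EAP dialog, to confirm the new certificate is usable for server authentication. The 30-day warning threshold is an assumption; adjust it to your renewal policy.

```powershell
# Added example: list certificates in Certificates (Local Computer) > Personal
# and flag the usual reasons a certificate cannot be used by NPS for PEAP/EAP.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$warnDays      = 30                    # assumption: warn this many days before expiry
$now           = Get-Date

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert    = $_
    $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $issues  = @()

    # Without the private key the server cannot complete the TLS handshake.
    if (-not $cert.HasPrivateKey) { $issues += 'no private key' }

    # The certificate must carry the Server Authentication purpose.
    if ($ekuOids -notcontains $serverAuthOid) { $issues += 'no Server Authentication EKU' }

    # Validity window.
    if ($cert.NotBefore -gt $now) { $issues += 'not yet valid' }
    if ($cert.NotAfter -lt $now) {
        $issues += 'expired'
    } elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) {
        $issues += "expires within $warnDays days"
    }

    # Basic chain validation as seen from this server (may contact the CA
    # for revocation data, so it can be slow on isolated hosts).
    if (-not $cert.Verify()) { $issues += 'chain does not validate' }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        Status     = if ($issues.Count) { $issues -join '; ' } else { 'OK' }
    }
}

# Newest expiry first, so the renewed certificate appears at the top.
$report | Sort-Object NotAfter -Descending | Format-List
```

If both the old and the renewed certificate are listed, compare the Thumbprint and NotAfter values so that the one chosen in the NPS policy is the renewed one.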
