An interesting but also somewhat complicated element of deploying a network access method with or without a NAP health evaluation is the use of digital certificates. Digital certificates can be used to provide strong authentication for remote access VPN connections, IEEE 802.1X-authenticated wired and wireless connections, and IPsec-protected traffic.

Additionally, the following NAP enforcement methods use certificates:

· IPsec enforcement uses health certificates.
· The 802.1X and VPN enforcement methods use the Protected Extensible Authentication Protocol (PEAP) method, which requires a computer certificate on the NPS server and a corresponding root certificate on the NAP client.

Here are the key resources for learning about certificates and access methods with NPS:

· Certificates and NPS
· Certificate Requirements for PEAP and EAP

Additionally, here are two Foundation Network Companion Guides that describe certificate deployment for EAP and PEAP:

· The “Foundation Network Companion Guide: Deploying Server Certificates”, available in HTML and Word document format
· The “Foundation Network Companion Guide: Deploying Computer and User Certificates”, available in HTML and Word document format

Consume, assimilate, deploy, and enjoy!

 

Joe Davies