An interesting but also somewhat complicated element of deploying a network access method with or without a NAP health evaluation is the use of digital certificates. Digital certificates can be used to provide strong authentication for remote access VPN connections, IEEE 802.1X-authenticated wired and wireless connections, and IPsec-protected traffic.
Additionally, the following NAP enforcement methods use certificates:
· IPsec enforcement uses health certificates
· The 802.1X and VPN enforcement methods use the Protected Extensible Authentication Protocol (PEAP) method, which requires a computer certificate on the NPS server and a corresponding root certificate on the NAP client
Here are the key resources for learning about certificates and access methods with NPS:
· Certificates and NPS
· Certificate Requirements for PEAP and EAP
Additionally, here are two Foundation Network Companion Guides that describe certificate deployment for EAP and PEAP:
· The “Foundation Network Companion Guide: Deploying Server Certificates” available in HTML and Word document format
· The “Foundation Network Companion Guide: Deploying Computer and User Certificates” available in HTML and Word document format
Consume, assimilate, deploy, and enjoy!