If you do not want to purchase a certificate for the connection to the authentication server (RADIUS) from a public certification authority (CA), you can also issue one from your own CA in Active Directory. In this case, however, you must install the root certificate and, if applicable, the intermediate CA certificate on the authentication server.
- To do this, enable the role Active Directory Certificate Services with the setup type Enterprise on the Active Directory server or on a member server.
- Create a technical user account in your Active Directory (for example, TPservice) that the Hub(s) use to log on to the authentication server.
- Then log on to the member server with this account.
- Open the Certificate Management in the MMC.
- Highlight the certificate store Certificates (Current User) → Personal and select All Tasks → Request New Certificate.
Member server: requesting a user certificate for the Hub
- In the Request Certificates menu, open the properties of the User certificate to be created.
Member server: changing the settings of the user certificate
- On the Private Key tab, mark the certificate’s private key as exportable.
Member server: marking the private key as exportable
- If you have several CAs in your Active Directory, select the issuing CA on the Certification Authority tab. The root certificate of this CA is the one you must distribute to the authentication devices.
Member server: selecting a specific CA
- Finally, select the User certificate type and click Enroll to install the certificate on the local machine. It is automatically stored in the certificate store Certificates (Current User) → Personal.
Server: installing the user certificate on the local machine
- Export the certificate with its key (file format .pfx).
Member server: exporting the user certificate for the Hub
- Assign a password when exporting.
Member server: securing the certificate’s key with a password
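The whole procedure above (request a User certificate with an exportable key from the chosen enterprise CA, install it, export it with its key as a password-protected .pfx, and export the root and intermediate CA certificates for the authentication server) can also be scripted. The following PowerShell is an added example, not part of the original manual or of any vendor tool; it assumes it is run on the member server in the context of the technical account (TPservice on this page), that the User template is published on the CA, and it uses placeholder values for the CA config string and the output folder that you must replace.

```powershell
# Added example (not from the original manual): scripted equivalent of the MMC steps above.
# Run as the technical account (TPservice) on the member server.
# Placeholders to adjust: CA config string "<CA host>\<CA name>" (see: certutil -dump) and output folder.
$CaConfig = 'CASRV01.example.local\Example-CA'   # placeholder
$OutDir   = 'C:\HubCert'                          # placeholder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$InfPath = Join-Path $OutDir 'request.inf'
$ReqPath = Join-Path $OutDir 'request.req'
$CerPath = Join-Path $OutDir 'issued.cer'
$PfxPath = Join-Path $OutDir 'TPservice-hub.pfx'

# 1. Request definition. "Exportable = TRUE" is the scripted form of the Private Key tab
#    setting "Make private key exportable"; the User template is selected via RequestAttributes.
#    The subject is filled in by the enterprise CA from Active Directory for the User template.
$Inf = @"
[NewRequest]
Subject = "CN=TPservice"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = User
"@
Set-Content -Path $InfPath -Value $Inf -Encoding ASCII

# 2. Create the request (key pair goes into the current user's store), submit it to the
#    selected CA (Certification Authority tab), and install the issued certificate (Enroll).
certreq -new $InfPath $ReqPath
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }
certreq -submit -config $CaConfig $ReqPath $CerPath
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed (template may require CA manager approval)' }
certreq -accept $CerPath
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# 3. Locate the installed certificate in Certificates (Current User) -> Personal by its thumbprint.
$Issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$Cert   = Get-Item "Cert:\CurrentUser\My\$($Issued.Thumbprint)"
if (-not $Cert.HasPrivateKey) { throw 'Installed certificate has no private key; check Exportable/template settings' }

# 4. Export certificate plus private key as a password-protected .pfx for the Hub.
$PfxPassword = Read-Host -Prompt 'Password for the .pfx export' -AsSecureString
Export-PfxCertificate -Cert $Cert -FilePath $PfxPath -Password $PfxPassword | Out-Null

# 5. Export the root and any intermediate CA certificates (everything in the chain except the
#    end-entity certificate). These .cer files are what the authentication server needs.
$Chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$null  = $Chain.Build($Cert)
$Index = 0
foreach ($Element in ($Chain.ChainElements | Select-Object -Skip 1)) {
    $SafeName = $Element.Certificate.Subject -replace '[^A-Za-z0-9]', '_'
    $CaPath   = Join-Path $OutDir ("ca{0}-{1}.cer" -f $Index, $SafeName)
    Export-Certificate -Cert $Element.Certificate -FilePath $CaPath -Type CERT | Out-Null
    $Index++
}
Write-Host "Hub certificate: $PfxPath"
Write-Host "CA certificates for the authentication server: $OutDir\ca*.cer"
```

The .pfx is delivered to the Hub; the exported ca*.cer files are installed on the authentication server as described at the top of this page. If the CA requires manager approval for the User template, certreq -submit returns a pending request ID instead of a certificate, and certreq -retrieve must be used once the request has been issued.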