We have setup a 802.1x enabled wifi network (WPA2-Enterprise). We are using NPS as authenticating server. Domain computers are authenticated using a machine certificate from our internal CA (ADCS). We also allow guests to connect to our wifi network using username/password (we set up an AD-account for each guest). However, our guests get a certificate warning when connecting since the certificate of the authenticating server (Auth-5 and Auth-6) is signed by our local PKI (ADCS). To solve this issue we want to use a certificate from a public PKI (Trustzone) for the server in order to get rid of the certificate warnings.

We contacted Trustzone and explained what we wanted to do. They recommended us an UC certificate and sent us three files:

142322231.crt AddTrustExternalCARoot.crt TRUSTZONE Intermediate CA.crt

In the mail they said:

* TRUSTZONE Intermediate CA Should be installed as an intermediary root certificate on your server

* 142322231 Web server certificate.

The certificate 142322231 is valid for authentication of a remote server and to confirm your identity towards a remote server

The certificate 142322231 contains the following information in SAN (Subject Alternate Name): mail.domain.com Auth-5 Auth-6

What steps should we now take to properly use this certificate? Should we use this certificate to authenticate the auth-servers towards all users or just for our guests?

Regards,

Jonas