NPS certificates and mobile devices
Hi,

We have a WLAN with a Mobile SSID that is configured to use EAP-PEAP with internal PKI. Our internal PKI is 1 offline root CA and 1 issuing CA. This Mobile network is for consultants who have a user account in AD but want to connect their iPad, iPhone, Android, HTC, own Windows computers and more.

On the iPads and iPhones they just select the SSID and type in their username and password, then they are automatically prompted to trust the NPS certificate. They say Yes to this, and then they are connected. The same thing happens on the Windows 7 computers.

The problem is when a user has Windows Vista or XP, Android, HTC and, I guess, several others. They are not prompted for the certificate. On some of the devices, users select the SSID and type in username and password, and then nothing happens; the device just doesn't get connected. On some other devices, users type in username and password and are prompted for the certificate, but the device will not trust it.

These devices are not in AD, so we cannot deploy the certificate with GPO. So the question is, can we do the following: if we send a request from the NPS to Verisign, and they sign a certificate for us, and then we import this certificate on the NPS, would this work?

I have seen some questions about this before (http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/0688c1de-8199-42cd-8e5b-911a581eb22f ) when it comes to NPS sending an intermediate certificate and there being problems. Is there any good documentation from Microsoft on whether this works or not? And if it does not work, why is that?

If it is supported to have Verisign issue a certificate to our NPS, what happens if we use this NPS for another SSID with EAP-TLS, since this needs a RAS and IAS certificate?

Thanks for reply.

/R Ole
November 11th, 2011 2:30pm

Have you tried Ace's idea in the link you gave?
November 16th, 2011 2:40am

Hi,

Well, we could implement the certificate manually, but I would like to see some information from MS about this thing when having an NPS send an intermediate certificate.

/R Ole
November 17th, 2011 3:33pm

Dear OleTechnet,

This is because they do not trust the certificate issuer.

To solve the problem for Windows devices, you should do these steps:

On your CA, in an elevated command prompt (run as administrator), type:

    certutil -ca.cert Cert_Issuer.cer

This exports the CA certificate with the Cert_Issuer name. Then copy this file to the Windows devices and import it into Trusted Root CA in the certificate console. After this, the Windows devices see a warning which says the NPS or the RADIUS is not trusted or ...., but by clicking Connect the client can connect.

It can be done by command:

    certmgr.exe -add -c "<cert-file>" -s -r localMachine root

where <cert-file> is the path to the certificate file.

For Android devices, you should first enable Credential Storage in the Security settings menu. This can be achieved by setting a password for the phone. After enabling Credential Storage, the Android phone will connect.

Hope it has helped. Please let me know the result.

Sincerely yours,
Ziyaei Ali
December 2nd, 2012 12:32am
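
Added example, not part of the original thread or any poster's code: a throwaway two-tier PKI built with the openssl command line, mirroring the root CA / issuing CA / NPS certificate layout from the question, to show which client trust-store states let the server certificate validate. All names and files are constructed, and it models generic X.509 chain building, not the behaviour of any specific Windows or Android supplicant.

```shell
#!/bin/sh
# Constructed lab PKI: every name here is made up for this example.
set -e

# new_req NAME CN: create NAME.key (EC P-256) and NAME.csr
new_req() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# build_lab_pki DIR: root CA -> issuing CA -> NPS server certificate
build_lab_pki() {
  ( cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > srv.ext
    new_req root "Lab Root CA"
    openssl x509 -req -in root.csr -signkey root.key -days 30 \
      -extfile ca.ext -out root.crt 2>/dev/null
    new_req issuing "Lab Issuing CA"
    openssl x509 -req -in issuing.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -days 30 -extfile ca.ext -out issuing.crt 2>/dev/null
    new_req nps "nps.lab.example"
    openssl x509 -req -in nps.csr -CA issuing.crt -CAkey issuing.key -CAcreateserial \
      -days 30 -extfile srv.ext -out nps.crt 2>/dev/null )
}

# check_chain DIR CASE: print "trusted" or "rejected" for the NPS certificate
#   no-root       device has never seen the internal root (unmanaged device)
#   root-only     root imported, but no issuing CA certificate available
#   root+issuing  root imported and issuing CA certificate supplied
check_chain() {
  case "$2" in
    no-root)      set -- "$1" -no-CAfile -untrusted "$1/issuing.crt" ;;
    root-only)    set -- "$1" -CAfile "$1/root.crt" ;;
    root+issuing) set -- "$1" -CAfile "$1/root.crt" -untrusted "$1/issuing.crt" ;;
  esac
  dir=$1; shift
  if openssl verify -no-CApath -purpose sslserver "$@" "$dir/nps.crt" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

lab=$(mktemp -d)
build_lab_pki "$lab"
for c in no-root root-only root+issuing; do
  printf '%-13s %s\n' "$c" "$(check_chain "$lab" "$c")"
done
```

Only the last case validates: the verifier needs the root as a trust anchor and the issuing CA certificate to bridge from the server certificate to that root.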

This topic is archived. No further replies will be accepted.