Microsoft® Windows® Security Resource Kit, Second Edition

Planning Certificates for 802.1x Authentication

To use 802.1x authentication, you must deploy to the RADIUS server, at minimum, a certificate with the Server Authentication EKU OID. If you are implementing EAP-TLS authentication, you must also deploy a computer certificate or a user certificate, or both.

Computer Certificates for RADIUS Servers

For RADIUS servers, it is recommended you deploy the default RAS and IAS Server certificate template. This certificate template implements the required Server Authentication EKU OID and is intended for deployment at remote access and RADIUS servers.

The only modification required for the RAS and IAS Server certificate template is to assign the RAS and IAS Servers domain local group Read, Enroll, and ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team

Planning Certificates for 802.1x Authentication

Computer Certificates for RADIUS Servers

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly