Install Computer Certificates for Access Clients

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In addition to adding a certificate to your IAS servers, you must add a certificate to any computer that uses EAP-TLS or PEAP-EAP-TLS authentication. The certificate must be issued from a certification authority (CA) that can follow a certificate chain to a root CA that is trusted by the IAS server.

The computer certificate must also contain the Client Authentication purpose in Enhanced Key Usage extensions and meet other certificate requirements for PEAP and EAP authentication.

For more information about creating a certificate infrastructure, see "Designing a Public Key Infrastructure" in Designing and Deploying Directory and Security Services of this kit.