How do I create a self-signed key in Win03 for EAP (MS-CHAPv2)?

Vette5885

I'm trying to set up a wireless network at work and I want to use WPA2 Enterprise encryption. We run a Server 2003 AD and I have MS IAS running in RADIUS mode. Now I want to have my Linksys WRT54G and WAP54G APs authenticate users with the IAS. To do so, I need to have a key that can be used with EAP (I plan on using MS-CHAPv2). The APs are all set up and I can associate, I just can't authenticate without a server key.

I don't want to pay the $400 or so a year to Verisign - I've heard that I can create a self-signed key in Windows Server and use that instead. Can anybody help me with this? (or even better, link me to a help page)

Any help will be appreciated
Thanks in advance
 
pigster said:
But consider some of the low cost certificates from godaddy.com and others

Why? Self signed certs are free and there's no need for an external trusted root CA for internal wlan authentication.
 
I have IAS already installed. Now I need to create a self-signed EAP-type key for authentication. Here is what I get when I try to configure the EAP key:
[Attached image: error.JPG]


And thank you for your help
 
da sponge said:
Why? Self signed certs are free and there's no need for an external trusted root CA for internal wlan authentication.

I understand, but why bother when for $20 you can avoid that annoying certificate warning?
 
Vette5885 said:
I have IAS already installed. Now I need to create a self-signed EAP-type key for authentication.

And thank you for your help

Install Certificate Authority, and then you can just request and install a certificate
 
pigster said:
Install Certificate Authority, and then you can just request and install a certificate

This is where I'm getting caught up. In CA, I do "Submit New Request..." and it asks for a file. Which file do I point to?
 
I just went through this myself last week. I found this on Google Groups...

http://groups.google.com/group/micr...q=MS-CHAP+certificate&rnum=3#6d338d3c42902aad

The relevant instructions are below. You'll need your own certificate authority, and I found that using GP to make your local CA trusted on all of your machines helps.

-------

Try the following:

Make sure that the correct key option parameters are configured in the server authentication certificate. To do this, follow these steps:

1. Start Microsoft Internet Explorer.

2. On the Address bar, type "http://<Local Host>/CertSrv" (without the quotation marks). Click "Go".

3. On the Welcome page, click "Request a certificate" under "Select a task".

4. On the Request a Certificate page, click "Advanced certificate request".

5. On the Advanced Certificate Request page, click "Create and submit a request to this CA".

6. Make sure that the correct parameters are configured under "Key Options". To do this, follow these steps:

a. Click "Create New key set".
b. In the "CSP" box, click "Microsoft RSA SChannel Cryptographic Provider".
c. In the "Key Size" box, type "1024" (without the quotation marks).
d. Click "Automatic key container name".
e. Click to select the "Store Certificate in the local computer certificate store" check box.
f. Click "Submit".
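
The same request can also be made from the command line with `certreq` instead of the web enrollment form. This is an added example, not part of the quoted instructions or of anyone's post in this thread; the server name and file names are placeholders, and the Server Authentication EKU is an assumption based on the "server authentication certificate" the steps mention.

```powershell
# Added example: certreq equivalent of web-enrollment steps 1-6 above.
# Run as an administrator on the IAS server.
$fqdn = 'ias01.example.local'   # placeholder: FQDN of the IAS server
$base = 'eap-server'            # placeholder: base name for the request files

# Key options mirror step 6; the EKU section is an assumption (see lead-in).
$inf = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=SERVER_FQDN"
; step 6b: CSP (provider type 12 = PROV_RSA_SCHANNEL)
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
; key exchange key (AT_KEYEXCHANGE)
KeySpec = 1
; step 6c: key size as given in the instructions
KeyLength = 1024
; step 6e: key and certificate live in the local computer store
MachineKeySet = TRUE
; step 6a: create a new key set
UseExistingKeySet = FALSE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1
'@
Set-Content -Path "$base.inf" -Value $inf.Replace('SERVER_FQDN', $fqdn) -Encoding ASCII

function Invoke-CertReq {
    # Run certreq with the given arguments and stop on the first failure.
    & certreq.exe $args
    if ($LASTEXITCODE -ne 0) { throw "certreq $($args[0]) failed ($LASTEXITCODE)" }
}

# Generate the key pair and a PKCS#10 request file.
Invoke-CertReq -new "$base.inf" "$base.req"
# Send the request to the CA (prompts for the CA when several are found).
# An enterprise CA also needs -attrib "CertificateTemplate:<name>"; the thread
# does not say which template, so none is set here.
Invoke-CertReq -submit "$base.req" "$base.cer"
# Install the issued certificate and bind it to the pending private key.
Invoke-CertReq -accept "$base.cer"
```

Running `certutil -store My` afterwards lists the certificates in the computer's Personal store.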
 
Things seem to be getting better, but...I don't have the RSA option, only "Microsoft Cryptographic Provider" and an enhanced one. I created one anyway, but still can't configure a key for EAP.
 