Hi, > The reason I was attempting this is because I have to provide a service > for roaming users and I was having issues with obtaining a certificate for > the NPS server.
whats wrong with just using your current FR certificate on the NPS box? > Does this mean that I could use a self signed certificate for the NPS that > is recognized by the freeradius and have a commercial certificate on the > freeradius that is then recognized by the clients? what are your clients/userbase? why do you have to use a commercial certificate for your server? if the clients authenticating are your clients then they can have the required private CA installed - the authentication is a closed loop. if you use a commercial cert eg thawte, verisign etc and only use that as trust then anyone can get a cert signed by that commercial CA as a first point to subverting your security alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
