1
00:00:02,240 --> 00:00:04,930
So to create our NPS server certificate, we're going to

2
00:00:04,930 --> 00:00:13,390
duplicate the RAS and IAS server template once more and pretty

3
00:00:13,390 --> 00:00:15,670
much follow many of the same steps here.

4
00:00:15,670 --> 00:00:19,240
So we're going to uncheck Show resulting changes,

5
00:00:19,240 --> 00:00:24,640
choose Windows Server 2016 for our CA and our certificate recipient.

6
00:00:24,640 --> 00:00:32,610
We'll go to the General tab, and we'll give this a different name. Once

7
00:00:32,610 --> 00:00:36,220
again, one year for the validity period is perfectly acceptable, and we

8
00:00:36,220 --> 00:00:39,670
don't need to publish in Active Directory. We'll go to Cryptography, and

9
00:00:39,670 --> 00:00:45,200
we'll choose Key Storage Provider and again bump the Request hash up to

10
00:00:45,200 --> 00:00:51,980
SHA256. Next, we'll go to the Extensions tab. And for our Application

11
00:00:51,980 --> 00:00:55,010
Policies, we're going to click Edit, and we're going to remove Client

12
00:00:55,010 --> 00:00:56,740
Authentication.

13
00:00:56,740 --> 00:01:02,140
Client authentication is not required for the NPS server certificate template.

14
00:01:02,140 --> 00:01:06,020
So we'll click OK, and now we'll go to the Subject Name field.

15
00:01:06,020 --> 00:01:08,960
And here, we're going to build this information from Active

16
00:01:08,960 --> 00:01:11,950
Directory, and we want to select DNS name from the Subject name

17
00:01:11,950 --> 00:01:15,500
format and make sure that DNS name is also selected in the

18
00:01:15,500 --> 00:01:19,040
alternate subject name section here.

19
00:01:19,040 --> 00:01:23,000
Then finally, we'll go to Security, and we will remove the RAS and

20
00:01:23,000 --> 00:01:30,640
IAS Servers group, and we will add our NPS Servers group as well.

21
00:01:30,640 --> 00:01:43,000
And we'll assign them Read, Enroll, and Autoenroll permissions. Once that's done, click OK.