Hey all,
I'm having an issue attempting to configure WPA2 Enterprise wireless network infrastructure. Allow me to give a little background before moving on to details:
Recently, following a cybersecurity assessment, one of the findings was that my company uses weak WPA2 PSK wireless infrastructure, so I had to change it. I'm essentially a one-man IT Dept myself and my knowledge is up to MCSA level 1 on Win Server 2012 (I was told RADIUS is taught at level 2 or 3, which is already beyond me). Pardon me for being an idiot in this - all my knowledge on WPA2 Enterprise comes from online articles.
To the point,
I did many trials and errors trying to get it up and running. I set up a RADIUS server using Network Policy Server on Windows Server 2012 R2. I configured the RADIUS client before knowing I needed a Certificate Authority (CA), so I set that up too.
At first I was setting up PEAP with MSCHAPv2 and all was well. My next move was to implement EAP-TLS instead, since PEAP with MSCHAPv2 isn't secure enough.
The certificates are where it started getting messy. I needed IIS, apparently, to host the CertSrv website for clients to request certificates. I added the role but the CertSrv website wouldn't appear on the IIS default webpage despite all my efforts. So I ended up uninstalling the CA, then reinstalling and reconfiguring it, and now the website is working properly.
However, my RADIUS server was configured using the old CA certificate and thus I cannot connect any client except those that had the old CA cert before I reinstalled my CA role. My CA server, NPS and IIS are all set up on one physical machine and I tend to get confused when it comes to certificates.
Is there a way to change the CA cert without removing and reconfiguring my NPS RADIUS server? I tried the configuration wizard for NPS but it cannot detect the new CA cert.
For my testing AP I am using a Linksys router running DD-WRT.