I have been in a rabbit hole for a few days now confused and frustrated. Here is the breakdown.
I have a Windows Server 2008 R2 Enterprise machine running AD CS and IIS.
I have a Windows Server 2008 R2 Enterprise machine running NPS.
I have a Windows Server 2008 R2 Standard machine running AD and DNS.
My CA is a Enterprise Sub. CA that got its cert from my corporate Root CA.
So here are some questions:
I want to run EAP-TLS or PEAP-TLS for secure wireless on machines or for users. Does my Ent. Sub CA need to run on a domain controller?
If my NPS server requests a cert from my CA the only option is a computer cert not a user cert.
Do I also need to request a cert on my DC from my CA?
What are the proceedures for deploying certs through GP? Do they get deployed via the default group policy?