Wireless Access

Contributor I

IAS without CA

Hi Forum,


I want to use IAS and AD for authentication without using any certificate or CA. Is it possible? Please share help or configuration with me.

I read different articles but they all include CA for authentication.





Re: IAS without CA

If you want to do 802.1x authentication (whether with client certificates or just username/password), you'll still need a certificate on the RADIUS/IAS side. This can be a cert purchased from a public trusted authority, one issued from an internal PKI (for example a Microsoft PKI), or a self-signed certificate. Either way, you'll want to either make sure your clients trust the certificate (can be pushed through AD if you use a self-signed certificate) or tell the clients not to validate the server certificate (typically not recommended).

I usually use makecert.exe to do self-signed certificates.  You just need to ensure it has the Server Authentication purpose.  A sample is:


makecert.exe -n "CN=dc.mydomain.local" -sr LocalMachine -ss my -r -pe -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -e 01/01/2025


This will create the certificate and install it to the Local Machine's certificate store; you can then reference it in your IAS policies.


Other options for makecert: 




Systems Engineer, Northeast USA
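
A check that could follow the makecert step in the reply above, as an added example that is not part of the original post: it confirms the certificate in the Local Machine store has a private key, carries the Server Authentication EKU (1.3.6.1.5.5.7.3.1) and is within its validity period, then writes out only the public certificate so clients can be made to trust it. It assumes PowerShell is available on the RADIUS/IAS server and reuses the subject from the makecert sample; the export path is a hypothetical choice.

```powershell
# Assumption: the subject matches the -n value used in the makecert sample.
$Subject    = 'CN=dc.mydomain.local'
$ServerAuth = '1.3.6.1.5.5.7.3.1'                      # Server Authentication EKU OID
$ExportPath = Join-Path $env:TEMP 'ias-server.cer'     # hypothetical output path

function Test-RadiusServerCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs from the certificate's Enhanced Key Usage extension, if any.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $problems = @()
    if (-not $Cert.HasPrivateKey)       { $problems += 'no private key in store' }
    if ($ekus -notcontains $ServerAuth) { $problems += 'Server Authentication EKU missing' }
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += 'outside validity period'
    }
    return ,$problems    # always an array, empty when the certificate is usable
}

$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $Subject })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject $Subject in LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    $problems = Test-RadiusServerCert -Cert $cert
    if ($problems.Count -gt 0) {
        Write-Warning ("{0}: {1}" -f $cert.Thumbprint, ($problems -join '; '))
        continue
    }
    # Export the public certificate only (DER, no private key) for distribution to clients.
    $der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($ExportPath, $der)
    Write-Output ("OK {0}, expires {1:yyyy-MM-dd}, public cert written to {2}" -f `
        $cert.Thumbprint, $cert.NotAfter, $ExportPath)
    break
}
```

The exported .cer file contains no private key, so it is the file to publish to clients as a trusted certificate when the server certificate is self-signed.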
